Lucene search
+L

196 matches found

Prion
Prion
added 2009/05/01 5:30 p.m.12 views

Design/Logic Flaw

The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node...

7.5CVSS7.3AI score0.01355EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2009/05/01 5:30 p.m.16 views

CVE-2009-1507

The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node...

7.5CVSS6.7AI score0.01355EPSS
Exploits0References4
CVE
CVE
added 2009/05/01 5:0 p.m.36 views

CVE-2009-1507

The vulnerability CVE-2009-1507 affects the Drupal Node Access User Reference module (5.x prior to 5.x-2.0-beta4 and 6.x prior to 6.x-2.0-beta6). The module interprets an empty CCK user reference as the anonymous user, potentially bypassing access controls to read or modify a node. Remediation: u...

7.5CVSS6.9AI score0.01355EPSS
Exploits0References4Affected Software1
Drupal
Drupal
added 2009/04/29 12:0 a.m.17 views

SA-CONTRIB-2009-024 - Node Access User Reference - Access Bypass

Node Access User Reference enables administrators to automatically grant node access view, update, or delete to a node where the user is referenced by CCK user reference. When such a field is saved with an empty value, Node Access User Reference mistakes this for a reference to the anonymous user...

7.1AI score
Exploits0References7
Drupal
Drupal
added 2009/03/25 12:0 a.m.15 views

SA-CONTRIB-2009-015 - Tokenauth - Access bypass

The Token authentication module allows access to RSS feeds via a token without having to provide your username and password to the site. Token authentication did not properly use the Drupal Form API which would allow a malicious user to learn the site administrator's token giving them the ability...

7.2AI score
Exploits0References5
Drupal
Drupal
added 2009/01/07 12:0 a.m.14 views

SA-CONTRIB-2009-002 - Project issue tracking - Multiple vulnerabilities

This announcement covers the following two issues for the Project issue tracking module. 1. Under certain conditions, users may receive email updates for issues which they do not have proper access rights to. This issue is mainly a problem for sites that use a contributed node access module,...

6.7AI score
Exploits0References7
Drupal
Drupal
added 2008/09/17 12:0 a.m.12 views

SA-2008-049 - Talk - Multiple vulnerabilities

The Talk module for Drupal 5.x and 6.x creates a "Talk" tab for nodes in which the comments belonging to the node are displayed. Two vulnerabilities and weaknesses were discovered in the contributed Talk module. Cross site scripting The node title is treated as if it was safe text, and is not...

6AI score
Exploits0References6
Prion
Prion
added 2008/07/03 6:41 p.m.16 views

Improper access control

The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions...

6.8CVSS7.3AI score0.01162EPSS
Exploits0References4Affected Software1
Drupal
Drupal
added 2008/04/09 12:0 a.m.14 views

SA-2008-025 - Simple access - Access bypass

The Simple Access module is a node access module that allows administrators to make some nodes private and/or editable by certain user roles. The module contains a flaw that results in the privacy information for a node being lost under certain conditions. These conditions are usually triggered v...

6.8AI score
Exploits0References6
NVD
NVD
added 2007/07/11 5:30 p.m.21 views

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

7.8CVSS6.7AI score0.01784EPSS
Exploits0References8
Prion
Prion
added 2007/07/11 5:30 p.m.15 views

Design/Logic Flaw

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

7.8CVSS7.2AI score0.01784EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2007/07/11 5:30 p.m.24 views

Design/Logic Flaw

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

7.8CVSS7.2AI score0.01784EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2007/07/11 5:0 p.m.31 views

CVE-2007-3690

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

6.7AI score0.01784EPSS
Exploits0References8
Cvelist
Cvelist
added 2007/07/11 5:0 p.m.21 views

CVE-2007-3689

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...

6.7AI score0.01784EPSS
Exploits0References8
Drupal
Drupal
added 2007/07/09 12:0 a.m.21 views

Print - Access bypass

Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control,...

6.9AI score
Exploits0References4
Drupal
Drupal
added 2007/03/08 12:0 a.m.11 views

Project issue tracking - Access bypass

If a remote user knows the node identifier of an issue that has been marked private using a node access module simpleaccess, nodeprivacybyrole, etc, they can use a specially crafted URL to view the contents of the node, regardless of their own privileges. All that is required is the "access proje...

7.2AI score
Exploits0References2
Rows per page
Query Builder