32 matches found
Open Atrium Notifications - Less Critical - Information Disclosure - SA-CONTRIB-2016-026
Open Atrium is a distribution of Drupal that allows you to build collaborative web sites. The Open Atrium Notification module adds the ability to send email notifications to users subscribed to certain content. When combined with the Open Atrium Mailhandler app, incoming email replies to...
Drupal Open Atrium Module Security Bypass Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Open Atrium is one of the team collaboration and knowledge management system modules. A security bypass vulnerability exists in the Drupal Open Atrium module that can be exploited by...
Open Atrium - Moderately Critical - Access Bypass - SA-CONTRIB-2016-003
Open Atrium allows you to control access via a hierarchy of public and private spaces and sub-spaces. If a public sub-space is created within a private parent-space, the content nodes of the public sub-space are accessible to users who are not members of the parent private space. This issue only...
Drupal Open Atrium Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Open Atrium is one of the team collaboration and knowledge management system modules. A cross-site scripting vulnerability exists in Drupal Open Atrium distribution 7.x-2.51 prior to...
Open Atrium - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-174
Open Atrium distribution enables you to create an intranet. Open Atrium Core module doesn't sufficiently sanitize some user supplied text, leading to a reflected Cross Site Scripting vulnerability XSS. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordanc...
Multiple Vulnerabilities in Drupal Open Atrium Module
Drupal is a free and open source content management system developed in PHP. A cross-site request forgery, security bypass vulnerability exists in Drupal Open Atrium Module. An attacker can exploit this vulnerability to bypass security restrictions, gain unauthorized access, or perform unauthoriz...
SA-CONTRIB-2014-126 - Open Atrium - Multiple vulnerabilities
This distribution enables you to create an intranet. Several of the sub modules included do not prevent CSRF on several menu callbacks. Open Atrium Discussion also does not exit correctly after checking access on a several ajax callbacks, allowing anyone with "access content" to update and delete...
CVE-2014-8736
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node...
Design/Logic Flaw
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node...
CVE-2014-8736
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node...
CVE-2014-8736
The Open Atrium Core module for Drupal (OA Core) in the 7.x-2.x line is affected by CVE-2014-8736, prior to 7.x-2.22. The vulnerability lets remote attackers bypass access controls and read file attachments that were removed from a node by leveraging a previous revision of that node. The risk is ...
SA-CONTRIB-2014-099 - Open Atrium Core - Access bypass
The oacore module contains the base access control mechanism for the Open Atrium distribution OA2. In OA2, file attachments are given the same access permission as the node they are attached to. The vulnerability is when an attachment is removed from a node that has Revisions enabled. It allows...