44 matches found
Updated drupal package fixes security vulnerability
The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect...
MGASA-2015-0425 Updated drupal package fixes security vulnerability
The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect...
FreeBSD : drupal -- open redirect vulnerability (75f39413-7a00-11e5-a2a1-002590263bf5)
Drupal development team reports : The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents,...
drupal: open redirect
The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect...
LABjs - Less Critical - Open Redirect - SA-CONTRIB-2015-159
The LABjs module integrates LABjs with Drupal for web performance optimization. The module ships with a modified version of the core Overlay JavaScript file, which is vulnerable to an open redirect attack see SA-CORE-2015-004. Only sites with the Overlay module enabled are vulnerable. An incomple...
Drupal Core - Overlay - Less Critical - Open Redirect - SA-CORE-2015-004
The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect...
drupal -- open redirect vulnerability
Drupal development team reports: The Overlay module in Drupal core displays administrative pages as a layer over the current page using JavaScript, rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents,...
Mageia: Security Advisory (MGASA-2015-0253)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated drupal package fixes security vulnerability
Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users CVE-2015-3231. A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites CVE-2015-3232. Due to insufficient URL validation, the Overlay module could be...
Open redirect
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2015-3233
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
UBUNTU-CVE-2015-3233
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2015-3233
CVE-2015-3233 is an open redirect vulnerability in the Drupal Overlay module for Drupal 7.x, caused by insufficient URL validation. It affects Drupal 7.x prior to 7.38 (per CVE description). Debi an advisory notes fixes across Drupal7 packages in multiple releases (e.g., Wheezy: 7.14-2+deb7u10; J...
CVE-2015-3233
Removed by vendor...
[SECURITY] [DSA 3291-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3291-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2015 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3291-1 (drupal7 - security update)
Several vulnerabilities were found in drupal7, a content management platform used to power websites. CVE-2015-3231Incorrect cache handling made private content viewed by user 1 exposed to other, non-privileged users. CVE-2015-3232 A flaw in the Field UI module made it possible for attackers to...
DSA-3291-1 drupal7 - security update
Bulletin has no description...
SA-CONTRIB-2014-048 - Field API Pane Editor (FAPE) - Access bypass
This module adds a contextual menu to fields which are added to an entity display in Panels, allowing individual fields to be directly edited via a separate page or, if it is enabled, the Overlay module. The module doesn't sufficiently verify the user has access to modify the entity the field is...
CVE-2013-6389
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2013-6389
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...