29 matches found
DRUPAL-CONTRIB-2026-002
This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...
PT-2026-2968
This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...
Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002
This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...
PT-2026-2979
Name of the Vulnerable Software and Affected Versions Drupal Role Delegation versions 1.3.0 through 1.4.9 Description A privilege escalation issue exists in the Role Delegation module. The module allows site administrators to grant specific roles the authority to assign selected roles to users,...
EUVD-2009-0579
Malware in sbrugna...
EUVD-2011-3337
Malware in sbrugna...
Role Delegation - Moderately critical - Privilege escalation - SA-CONTRIB-2022-031
This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the administer permissions permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. An...
DRUPAL-CONTRIB-2020-003
Views Bulk Operations provides enhancements to running bulk actions on views. The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to. This vulnerability is mitigated by the fact that it only occurs in the case of...
Views Bulk Operations (VBO) - Moderately critical - Access bypass - SA-CONTRIB-2020-003
Views Bulk Operations provides enhancements to running bulk actions on views. The module contains an access bypass vulnerability that might allow users to execute views actions that they should not have access to. This vulnerability is mitigated by the fact that it only occurs in the case of...
CVE-2011-3373
Drupal Views Builk Operations VBO module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially-crafted URL that could lead to cross-sit...
CVE-2015-5515
The Views Bulk Operations VBO module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO...
Fedora 22 : drupal7-views_bulk_operations-3.3-1.fc22 (2015-11318)
7.x-3.3 See SA-CONTRIB-2015-131 Changes since 7.x-3.2: - Fix security vulnerability, by AdamPS. - Remove an entitylabel workaround that core no longer needs. - Issue 2427381 by axel.rutz: Rules component lacks entity type - Issue 2418751 by anrikun: Archive action fails silently - Issue 2318273 b...
Fedora 21 : drupal7-views_bulk_operations-3.3-1.fc21 (2015-11278)
7.x-3.3 See SA-CONTRIB-2015-131 Changes since 7.x-3.2: - Fix security vulnerability, by AdamPS. - Remove an entitylabel workaround that core no longer needs. - Issue 2427381 by axel.rutz: Rules component lacks entity type - Issue 2418751 by anrikun: Archive action fails silently - Issue 2318273 b...
Drupal Views Bulk Operations Module Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Views Bulk Operations is one of the third-party modules used to change views on nodes. An access bypass vulnerability exists in the Drupal Views Bulk Operations module in version 6.x-1....
Views Bulk Operations - Moderately critical - Access Bypass - SA-CONTRIB-2015-131
The Views Bulk Operations module enables you to add bulk operations to administration views, executing actions on multiple selected rows. The module doesn't sufficiently guard user entities against unauthorized modification. If a user has access to a user account listing view with VBO enabled suc...
Design/Logic Flaw
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users user 0 via unspecified vectors...
CVE-2010-5277
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users user 0 via unspecified vectors...
CVE-2010-5277
The CVE-2010-5277 issue affects the Drupal module Views Bulk Operations (VBO) for Drupal 6.x prior to 6.x-1.10 . The vulnerability allows remote authenticated users with user management permissions to bypass access restrictions and delete the anonymous user (user 0) via vectors described in the D...
SA-CONTRIB-2011-042 Views Bulk Operations - Cross Site Scripting
The Views Bulk Operations VBO module allows actions and rules to be run on the selected views rows nodes, terms, user, etc. It also bundles several convenient actions. One of those actions allows the bulk modification of taxonomy terms on a node. When using the "Modify node taxonomy terms" action...
SA-CONTRIB-2010-099 - Views Bulk Operations - Access Bypass
Views Bulk Operations augments Views by allowing bulk operations to be executed on the nodes and users displayed by a view. It does so by showing a checkbox in front of each item, and adding a select box containing operations that can be applied on the selected items. In some circumstances, a...