101 matches found
Design/Logic Flaw
The viewsfetchdata method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors...
CVE-2015-5509
The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors...
CVE-2015-5490
The CVE-2015-5490 vulnerability affects the Drupal Views module (7.x-3.x) specifically versions 7.x-3.5 through 7.x-3.10. The root cause is that _views_fetch_data in includes/cache.inc does not rebuild the full cache when the static cache is non-empty, allowing remote attackers to bypass configur...
CVE-2015-5490
The viewsfetchdata method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors...
[SECURITY] Fedora 22 Update: drupal7-views-3.11-1.fc22
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
Views - Critical - Access Bypass - SA-CONTRIB-2015-103
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. Access bypass due cache inconsistency Due to an issue in the caching mechanism of Views it's possible that configured filters lose...
CVE-2015-3379
The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
Design/Logic Flaw
The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2015-3378
Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to t...
CVE-2015-3379
The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2015-3378
CVE-2015-3378 describes an open redirect vulnerability in the Drupal Views module (versions 6.x prior to 6.x-2.18, 6.x-3.x prior to 6.x-3.2, and 7.x prior to 7.x-3.10) when the Views UI submodule is enabled. The underlying issue is an unsanitized URL handling path used to break the lock on edited...
[SECURITY] Fedora 20 Update: drupal7-views-3.10-1.fc20
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
[SECURITY] Fedora 21 Update: drupal7-views-3.10-1.fc21
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
[SECURITY] Fedora 21 Update: drupal6-views-2.18-1.fc21
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
Drupal Views Module Open Redirect Vulnerability
Drupal is written using the PHP language open source content management framework , which consists of a content management system and PHP development framework together . An open redirect vulnerability exists in the Drupal Views module that allows an attacker to trick users into redirecting to an...
Drupal Views module access bypass vulnerability (CNVD-2015-01153)
Drupal is written using the PHP language open source content management framework , which consists of a content management system and PHP development framework together . An access bypass vulnerability exists in the Drupal Views module, which can be exploited by an attacker to bypass certain...
SA-CONTRIB-2015-039 - Views - Multiple vulnerabilities
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. Open redirect vulnerability The module does not sanitize user provided URLs when processing the page to break the lock on Views bei...
SA-CONTRIB-2014-080 - Social Stats - Cross Site Scripting (XSS)
The Social Stats module enables you to collect statistics from various social networks and use that data with the Views module as field data, sort criteria, or filter criteria. The module does not sufficiently filter user-supplied text that is stored in the configuration, resulting in a persisten...
DEBIAN-CVE-2013-5942
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to 1 remotestorage.py, 2 storage.py, 3 render/datalib.py, and 4 whitelist/views.py, a different vulnerability than CVE-2013-5093...
[SECURITY] Fedora 17 Update: drupal7-views-3.6-1.fc17
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...