Lucene search
K

101 matches found

Prion
Prion
added 2013/03/27 11:55 p.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields...

2.1CVSS5.7AI score0.02046EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2013/03/27 11:0 p.m.39 views

CVE-2013-1887

The CVE affects Drupal's Views module (7.x-3.x) prior to 7.x-3.6. The vulnerability arises from insufficient sanitization of certain view configuration fields, enabling remote authenticated users with specific permissions to inject arbitrary web script or HTML (XSS). The attacker would exploit th...

2.1CVSS5.5AI score0.02046EPSS
Exploits0References10Affected Software1
Drupal
Drupal
added 2012/08/29 12:0 a.m.13 views

SA-CONTRIB-2012-134 - Views - Privilege Escalation

The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. The module incorrectly modifies the global user object in some situations when a view has a uid argument and performs validation on...

6.9AI score
Exploits0References10
NVD
NVD
added 2012/08/14 11:55 p.m.13 views

CVE-2012-2081

The Organic Groups OG module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module...

5CVSS6.2AI score0.01563EPSS
Exploits0References7
Prion
Prion
added 2012/08/14 11:55 p.m.13 views

Design/Logic Flaw

The Organic Groups OG module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module...

5CVSS6.7AI score0.01563EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2012/02/17 11:55 p.m.14 views

CVE-2011-4113

SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."...

7.5CVSS8.3AI score0.01708EPSS
Exploits0References9
Prion
Prion
added 2012/02/17 11:55 p.m.15 views

Sql injection

SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."...

7.5CVSS9AI score0.01708EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2012/02/17 11:0 p.m.49 views

CVE-2011-4113

CVE-2011-4113 describes a SQL injection vulnerability in the Drupal Views module , present in versions before 6.x-2.13 . The issue allows remote attackers to execute arbitrary SQL commands via vectors related to the filters/arguments on certain types of views with specific configurations of argum...

7.5CVSS8.6AI score0.01708EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2012/02/17 11:0 p.m.22 views

CVE-2011-4113

SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."...

8.3AI score0.01708EPSS
Exploits0References9
Metasploit
Metasploit
added 2012/01/10 8:54 p.m.28 views

Drupal Views Module Users Enumeration

This module exploits an information disclosure vulnerability in the 'Views' module of Drupal, brute-forcing the first 10 usernames from 'a' to 'z'. Drupal 6 with 'Views' module 'Drupal Views Module Users Enumeration', 'Description' = %q This module exploits an information disclosure vulnerability...

6.4AI score
Exploits0
Drupal
Drupal
added 2011/03/02 12:0 a.m.21 views

SA-CONTRIB-2011-012 - Spaces - Access bypass

The Spaces module makes sitewide configuration options available to be overridden by individual "spaces" on a Drupal site. Spaces provides a Views module access plugin that does not properly check its permission setting which may allow underprivileged users to visit certain pages. This...

7AI score
Exploits0References10
OpenVAS
OpenVAS
added 2011/01/24 12:0 a.m.21 views

FreeBSD Ports: drupal6-views

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4.3CVSS6.6AI score0.01859EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/12/29 12:0 a.m.19 views

FreeBSD : Drupal Views plugin -- XSS (ff8b419a-0ffa-11e0-becc-0022156e8794)

Drupal security team reports : The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a relected Cross Site Scripting XSS...

4.3CVSS5.3AI score0.01859EPSS
Exploits0References3
NVD
NVD
added 2010/12/23 6:0 p.m.19 views

CVE-2010-4520

Multiple cross-site scripting XSS vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via 1 a URL or 2 an aggregator feed title...

4.3CVSS5.8AI score0.01042EPSS
Exploits0References3
Prion
Prion
added 2010/12/23 6:0 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via 1 a URL or 2 an aggregator feed title...

4.3CVSS6.1AI score0.01042EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2010/12/23 6:0 p.m.18 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable all Views or 2 disable all Views...

6.8CVSS7.8AI score0.00615EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2010/12/23 6:0 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path...

4.3CVSS6AI score0.01859EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2010/12/23 5:0 p.m.22 views

CVE-2010-4520

Multiple cross-site scripting XSS vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via 1 a URL or 2 an aggregator feed title...

5.8AI score0.01042EPSS
Exploits0References3
Cvelist
Cvelist
added 2010/12/23 5:0 p.m.24 views

CVE-2010-4519

Multiple cross-site request forgery CSRF vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable all Views or 2 disable all Views...

7.3AI score0.00615EPSS
Exploits0References3
CVE
CVE
added 2010/12/23 5:0 p.m.50 views

CVE-2010-4520

The CVE-2010-4520 entry describes multiple cross-site scripting (XSS) vulnerabilities in Drupal’s Views module for 6.x releases, specifically before 6.x-2.11. The issue allows remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title. The provided docum...

4.3CVSS5.9AI score0.01042EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder