17 matches found
EUVD-2013-0186
Malware in sbrugna...
EUVD-2008-0272
Malware in sbrugna...
Directus allows updates to non-allowed fields due to overlapping policies
Summary If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...
October 4, 2022, update for Office 2016 (KB5002243)
October 4, 2022, update for Office 2016 KB5002243 This article describes update 5002243 for Microsoft Office 2016 that was released on October 4, 2022.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...
codekabinett.com XSS vulnerability
Open Bug Bounty ID: OBB-582948 Description| Value ---|--- Affected Website:| codekabinett.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Drupal Multiple Vulnerabilities (Dec 2016) - Windows
Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
FreeBSD : Drupal Code -- Multiple Vulnerabilities (8db24888-b2f5-11e6-8153-00248c0c745d)
The Drupal development team reports : Inconsistent name for term access query Less critical - Drupal 7 and Drupal 8 Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities b...
Information disclosure
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags...
CVE-2016-9449
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags...
CVE-2016-9449
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags...
CVE-2016-9449
CVE-2016-9449 affects Drupal core (taxonomy module) on Drupal 7.x before 7.52 and 8.x before 8.2.3. The root cause is an inconsistent use of access query tags (taxonomy_term_access vs term_access) in query alteration, which could disclose taxonomy term information to remote authenticated users. T...
CVE-2016-9449
Removed by vendor...
Drupal Fixes 'Moderately Critical' Vulnerabilities in Core Engine
The Drupal Security Team fixed a handful of issues in version 7 and 8 of its content management system core engine this week that could have led to cache poisoning, social engineering attacks and a denial of service condition. Drupal SA-CORE-2016-005 – Moderately Critical Update to Drupal core 7....
Inconsistent name for term access query
More info at https://www.drupal.org/SA-CORE-2016-005...
Inconsistent name for term access query
More info at https://www.drupal.org/SA-CORE-2016-005...
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005
Description Inconsistent name for term access query Less critical - Drupal 7 and Drupal 8 Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities by implementing...
CVE-2015-4375
The CVE-2015-4375 vulnerability affects the Chaos tool suite (ctools) module for Drupal (7.x-1.x prior to 7.x-1.7 and 6.x-1.x prior to 6.x-1.12). It enables remote attackers to obtain sensitive node titles via two attack paths: (1) an autocomplete search on custom entities without an access query...