CVE-2020-12649

Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths...

EUVD-2020-4948

Malware in sbrugna...

EUVD-2022-4035

Malicious code in bioql PyPI...

Domain Group - Critical - Access bypass - SA-CONTRIB-2021-037

This module enables sites to define a domain from Domain Access that points directly to a group page. The module doesn't sufficiently manage the access to content administrative paths allowing an attacker to see and take actions on content nodes they should be allowed to...

CVE-2020-12649

Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths...

CVE-2020-12649

Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths...

Directory traversal

Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths...

CVE-2020-12649

Summary of CVE-2020-12649 : The Gurbalib MUD library (up to 2020-04-30) contains a directory traversal vulnerability in the file lib/cmds/player/help.c that enables reading of administrative paths. The connected Red Hat, CNVD, CVE lists corroborate the issue; exploitation details and a specific f...

CVE-2020-12649

Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths...

GatherContent - Moderately critical - Access bypass - SA-CONTRIB-2018-075

This module enables you to import and export data from the GatherContent service. The module didn't properly protect its administrative paths...

Cross site request forgery (csrf)

Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID...