124 matches found
CVE-2008-4792
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values...
drupal -- multiple vulnerabilities
The Drupal Project reports: A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...
XSS vulnerability in Dada Mail
According to its banner, the remote version of Dada Mail does not properly validate user written content before submitting that data to the archiving system. SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...
CVE-2005-0391
Geneweb (versions 4.10 and earlier) is affected by insecure file operations during file conversion, where maintainer scripts do not properly validate file permissions and content, potentially permitting modification of arbitrary files. This CVE (CVE-2005-0391 / CAN-2005-0391) is discussed in Debi...