EUVD-2022-2727

Malicious code in bioql PyPI...

Security feature bypass

Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another...

CVE-2017-6928

Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another...

Drupal Multiple Vulnerabilities (Dec 2016) - Windows

Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

Drupal core 7.x SQL Injection

SQL Injection vulnerabilty in the core SQL module of Drupal Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

JVN#45898075: Drupal Form API fails to validate the redirect URL

Drupal is a content management system CMS. Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Impact A remote attacker may change the redirect URL of a form. As a result, information such as authentication credentials may be disclosed...

Fedora 13 : drupal-6.22-1.fc13 (2011-7546)

Advisory ID: DRUPAL-SA-CORE-2011-001 - Project: Drupal core 1 - Version: 6.x, 7.x - Date: 2011-May-25 - Security risk: Critical 2 - Exploitable from: Remote - Vulnerability: Access bypass, Cross Site Scripting -------- DESCRIPTION Note that Tenable Network Security has extracted the preceding...