15 matches found
EUVD-2010-1573
Malware in sbrugna...
EUVD-2015-4421
Malware in sbrugna...
EUVD-2010-1574
Malware in sbrugna...
Drupal Ajax Handler and Ctools Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Ajax handler is one of the modules used to handle Ajax requests.Ctools Chaos tool suite is one of the API modules used to improve the development experience. A cross-site scripting...
CVE-2015-6665
Cross-site scripting XSS vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...
CVE-2015-6665
CVE-2015-6665 affects Drupal 7.x up to version 7.39 and the Ctools module 6.x up to 6.x-1.14. The XSS flaw resides in the Ajax handler, allowing remote attackers to inject arbitrary scripts/HTML via a whitelisted HTML element (potentially the A tag). Remediation: upgrade to Drupal 7.39 and Ctools...
Drupal Ctools Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. ctools is one of the API modules used to improve the development experience. A cross-site scripting vulnerability exists in the Drupal Ctools module, which allows remote attackers to exploit the vulnerability to inject...
Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141
Cross Site Scripting XSS Ctools in Drupal 6 provides a number of APIs and extensions for Drupal, and is a dependency for many of the most popular modules, including Views, Panels and Entityreference. Many features introduced in Drupal Core once lived in ctools. This vulnerability can be mitigated...
Design/Logic Flaw
The Chaos tool suite ctools module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via 1 an autocomplete search on custom entities without an access query tag or 2 leveraging knowledge of the ID of an entity...
CVE-2015-4375
The CVE-2015-4375 vulnerability affects the Chaos tool suite (ctools) module for Drupal (7.x-1.x prior to 7.x-1.7 and 6.x-1.x prior to 6.x-1.12). It enables remote attackers to obtain sensitive node titles via two attack paths: (1) an autocomplete search on custom entities without an access query...
CVE-2012-2082
Cross-site scripting XSS vulnerability in the Chaos tool suite aka CTools module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature...
Drupal Panels 5.x-1.2 XSS Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal Panels module http://drupal.org/project/panels "allows a site administrator to create...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Chaos Tool Suite aka CTools module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable a page via a q=admin/build/pages/nojs/enable/ value or 2 disable a page...
CVE-2010-1547
Multiple cross-site request forgery CSRF vulnerabilities in the Chaos Tool Suite aka CTools module 6.x before 6.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable a page via a q=admin/build/pages/nojs/enable/ value or 2 disable a page...
CVE-2010-1546
CVE-2010-1546 affects Drupal's Chaos Tool Suite (CTools) module 6.x, prior to 6.x-1.4. An eval injection in the import functionality allows a remote authenticated user with "administer page manager" privileges to execute arbitrary PHP code via input to a text area, via the page_manager_page_impor...