5 matches found
CVE-2012-0827
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors...
CVE-2012-0827
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors...
CVE-2012-0827
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors...
CVE-2012-0827
Drupal 7.x File module vulnerability CVE-2012-0827 (before 7.11) allows remote authenticated users to read arbitrary private files associated with restricted fields when using unspecified field access modules. The issue is an access-control bypass in the File module, corroborated by OpenVAS/VuXML...
drupal -- multiple vulnerabilities
Drupal development team reports: Cross Site Request Forgery vulnerability in Aggregator module CVE: CVE-2012-0826 An XSRF vulnerability can force an aggregator feed to update. Since some services are rate-limited e.g. Twitter limits requests to 150 per hour this could lead to a denial of service...