Lucene search
K

11 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.34 views

Mageia: Security Advisory (MGASA-2014-0492)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.3AI score0.82699EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2014/12/03 12:0 a.m.33 views

Fedora 20 : drupal6-6.34-1.fc20 (2014-15519)

https://www.drupal.org/SA-CORE-2014-006 - Update to Drupal 6. - Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

6.8CVSS6AI score0.06463EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2014/12/03 12:0 a.m.28 views

Fedora Update for drupal6 FEDORA-2014-15519

Check the version of drupal6 SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868540";...

6.8CVSS6.3AI score0.02458EPSS
Exploits0References2
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.150 views

[SECURITY] [DSA 3075-1] drupal7 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3075-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 20, 2014 http://www.debian.org/security/faq -...

6.8CVSS0.9AI score0.82699EPSS
Exploits3
Mageia
Mageia
added 2014/11/26 5:29 p.m.48 views

Updated drupal packages fix security vulnerabilities

Updated drupal packages fix security vulnerability: Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session CVE-2014-9015. Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the...

6.8CVSS6.4AI score0.82699EPSS
Exploits3References7
UbuntuCve
UbuntuCve
added 2014/11/24 3:59 p.m.41 views

CVE-2014-9015

Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions...

6.8CVSS6.4AI score0.02458EPSS
Exploits0References2
CVE
CVE
added 2014/11/24 3:0 p.m.136 views

CVE-2014-9015

CVE-2014-9015 affects Drupal 6.x before 6.34 and Drupal 7.x before 7.34. A crafted request (to a server handling both HTTP and HTTPS) can hijack an active user session. The vulnerability stems from how sessions are managed in these versions, enabling an attacker to take over another user’s sessio...

6.8CVSS6AI score0.02458EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/11/21 12:0 a.m.74 views

Drupal 6.x < 6.34 / 7.x < 7.34 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 6.x prior to 6.34 or 7.x prior to 7.34. It is, therefore, potentially affected by the following vulnerabilities : - There exists an unspecified flaw that is triggered when handling a specially crafted request that may allow a remote...

6.8CVSS6.3AI score0.82699EPSS
Exploits3References5
ArchLinux
ArchLinux
added 2014/11/20 12:0 a.m.49 views

drupal: session hijacking and denial of service

Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to the following vulnerabilities. More information can be found in the upstream advisory 0. - CVE-2014-9015 session hijacking Aaron Averill discovered that a specially crafted request can give a...

6.8CVSS2.2AI score0.82699EPSS
Exploits3References4
Drupal
Drupal
added 2014/11/19 12:0 a.m.651 views

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006

Session hijacking Drupal 6 and 7 A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS content "mixed-mode", but it is possible...

6.8CVSS6.2AI score0.82699EPSS
Exploits3References20
OpenVAS
OpenVAS
added 2014/11/19 12:0 a.m.32 views

Debian: Security Advisory (DSA-3075-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.4AI score0.82699EPSS
Exploits3References3
Rows per page
Query Builder