11 matches found
Mageia: Security Advisory (MGASA-2014-0492)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : drupal6-6.34-1.fc20 (2014-15519)
https://www.drupal.org/SA-CORE-2014-006 - Update to Drupal 6. - Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
Fedora Update for drupal6 FEDORA-2014-15519
Check the version of drupal6 SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868540";...
[SECURITY] [DSA 3075-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3075-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 20, 2014 http://www.debian.org/security/faq -...
Updated drupal packages fix security vulnerabilities
Updated drupal packages fix security vulnerability: Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session CVE-2014-9015. Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the...
CVE-2014-9015
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions...
CVE-2014-9015
CVE-2014-9015 affects Drupal 6.x before 6.34 and Drupal 7.x before 7.34. A crafted request (to a server handling both HTTP and HTTPS) can hijack an active user session. The vulnerability stems from how sessions are managed in these versions, enabling an attacker to take over another user’s sessio...
Drupal 6.x < 6.34 / 7.x < 7.34 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.34 or 7.x prior to 7.34. It is, therefore, potentially affected by the following vulnerabilities : - There exists an unspecified flaw that is triggered when handling a specially crafted request that may allow a remote...
drupal: session hijacking and denial of service
Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to the following vulnerabilities. More information can be found in the upstream advisory 0. - CVE-2014-9015 session hijacking Aaron Averill discovered that a specially crafted request can give a...
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006
Session hijacking Drupal 6 and 7 A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session. This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS content "mixed-mode", but it is possible...
Debian: Security Advisory (DSA-3075-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...