8 matches found
Ubuntu 16.04 ESM : Drupal vulnerabilities (USN-4773-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4773-1 advisory. It was discovered that Drupal did not properly process certain input. An attacker could use this vulnerability to execute arbitrary code or completely...
Mageia: Security Advisory (MGASA-2015-0121)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 3200-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3200-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 20, 2015 http://www.debian.org/security/faq -...
CVE-2015-2559
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL...
CVE-2015-2559
Removed by vendor...
CVE-2015-2559
CVE-2015-2559 affects Drupal 6.x before 6.35 and 7.x before 7.35, enabling a remote authenticated user to reset another user’s password by exploiting a crafted password‑reset URL and matching password hashes. Connected advisories confirm this as part of broader Drupal fixes and, in some records (...
Drupal 6.x < 6.35 / 7.x < 7.35 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.35 or 7.x prior to 7.35. It is, therefore, potentially affected by the following vulnerabilities : - An access bypass vulnerability exists in which password reset URLs can be forged. This allows a remote attacker to gain...
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001
Access bypass Password reset URLs - Drupal 6 and 7 Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password. In Drupal 7, this vulnerability is mitigated by the fact that it can only be...