8 matches found
Ubuntu 16.04 ESM : Drupal vulnerabilities (USN-4773-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4773-1 advisory. It was discovered that Drupal did not properly process certain input. An attacker could use this vulnerability to execute arbitrary code or completely...
Mageia: Security Advisory (MGASA-2015-0121)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...
CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence...
CVE-2015-2750
CVE-2015-2750 is an open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 that allows remote attackers to redirect users to arbitrary sites and facilitate phishing via the // sequence. The issue affects Drupal’s URL-related API functions; there is no exploitation detail in the...
CVE-2015-2750
Removed by vendor...
Drupal 6.x < 6.35 / 7.x < 7.35 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.35 or 7.x prior to 7.35. It is, therefore, potentially affected by the following vulnerabilities : - An access bypass vulnerability exists in which password reset URLs can be forged. This allows a remote attacker to gain...
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001
Access bypass Password reset URLs - Drupal 6 and 7 Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password. In Drupal 7, this vulnerability is mitigated by the fact that it can only be...