5 matches found
ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability
Document Title: =============== ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1555 Release Date: ============= 2015-07-22 Vulnerability Laboratory ID VL-ID: ==================================== 1555...
CVE-2015-4364
Multiple cross-site request forgery CSRF vulnerabilities in includes/campaignmonitorlists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that 1 enable list subscriptions via a request to...
CVE-2015-4364
Multiple cross-site request forgery CSRF vulnerabilities in includes/campaignmonitorlists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that 1 enable list subscriptions via a request to...
CVE-2015-4364
CVE-2015-4364 covers CSRF flaws in the Drupal Campaign Monitor module (7.x-1.0)—specifically in includes/campaignmonitor_lists.admin.inc—that allow remote attackers to hijack a user’s authentication to enable or disable list subscriptions via URLs like /admin/config/services/campaignmonitor/lists...
SA-CONTRIB-2015-068 - Campaign Monitor - Cross Site Request Forgery (CSRF)
Campaign Monitor module integrates the Campaign Monitor API into Drupal. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause another user to enable and disable list subscriptions by getting their browser to make a request to a specially-crafted URL. CVE...