4 matches found
CVE-2014-6061: Security issue when parsing the Authorization header
Affected Versions All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not...
SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Access bypass User module search - Drupal 6 and 7 A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. This...
SA-CONTRIB-2012-159 - Password policy - Information leakage of hashed passwords
This module provides a way to specify a certain level of password complexity aka. "password hardening" for user passwords on a system by defining a password policy. The Password policy module allows administrators to request users to enter a new password that does not match any of the previous X...
SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure
Multiple vulnerabilities were discovered in Drupal core. Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PH...