2 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries...
SA-CONTRIB-2011-012 - Spaces - Access bypass
The Spaces module makes sitewide configuration options available to be overridden by individual "spaces" on a Drupal site. Spaces provides a Views module access plugin that does not properly check its permission setting which may allow underprivileged users to visit certain pages. This...