347 matches found
Mollom - Critical - Access bypass - SA-CONTRIB-2015-168
The Mollom module allows users to protect their website from spam. As part of the spam protection, Mollom enables the website administrator to create a blacklist. When content is submitted that matches terms on the black list it will be automatically marked as spam and rejected per the site...
UC Profile - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-165
UC Profile module enables you to collect profile fields for users during the checkout process of Ubercart as a checkout pane. The module doesn't sufficiently check access to profiles under certain circumstances. Depending on the information being collected, sensitive data may be exposed. This...
Fedora 21 : drupal6-6.37-1.fc21 (2015-14442)
"Maintenance and security release of the Drupal 6 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 No other fixes are...
Fedora 23 : drupal6-6.37-1.fc23 (2015-14443)
"Maintenance and security release of the Drupal 6 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 No other fixes are...
Fedora 22 : drupal6-6.37-1.fc22 (2015-14444)
"Maintenance and security release of the Drupal 6 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 No other fixes are...
Drupal 6.x < 6.37 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.37. It is, therefore, potentially affected by the following vulnerabilities : - A cross-site scripting vulnerability exists in the autocomplete functionality due to improper validation of input passed via requested URLs. ...
CVE-2015-6658
Removed by vendor...
CVE-2015-6658
Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...
Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141
Cross Site Scripting XSS Ctools in Drupal 6 provides a number of APIs and extensions for Drupal, and is a dependency for many of the most popular modules, including Views, Panels and Entityreference. Many features introduced in Drupal Core once lived in ctools. This vulnerability can be mitigated...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003
This security advisory fixes multiple vulnerabilities. See below for a list. Cross-site Scripting - Ajax system - Drupal 7 A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax on a whitelisted HTML element. This vulnerability is...
[SECURITY] Fedora 22 Update: drupal6-cck-2.10-1.fc22
The Content Construction Kit allows you to add custom fields to custom content types using a web interface. In Drupal 5.x, custom content types can be created in Drupal core, and the Content Construction Kit allows you to add custom fields to any content type. In Drupal 7 and later, most of the...
Compass Rose - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-138
Compass Rose module provides a type of CCK field that allows to represent the most common orientations North, North-East, East, South-East, South, South-West, West and North-West. The module was embedding a JavaScript library from an external source that was not reliable, thereby exposing the sit...
Views Bulk Operations - Moderately critical - Access Bypass - SA-CONTRIB-2015-131
The Views Bulk Operations module enables you to add bulk operations to administration views, executing actions on multiple selected rows. The module doesn't sufficiently guard user entities against unauthorized modification. If a user has access to a user account listing view with VBO enabled suc...
Shibboleth authentication - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129
Shibboleth authentication module allows users to log in and get permissions based on federated SAML2 authentication. The module didn't filter the text that is displayed as a login link. This vulnerability was mitigated by the fact that an attacker must have a role with the permission Administer...
The eXtensible Catalog (XC) Drupal Toolkit - Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-121
The eXtensible Catalog Drupal Toolkit is a set of Drupal modules to harvest records of the XC Schema format from a Metadata Services Toolkit MST. The XC NCIP Provider module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause a user with "administer ncip providers"...
Camtasia Relay - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-100
This module enables you to integrate your Drupal site with TechSmith Relay software. The module doesn't sufficiently sanitize user input under the meta access tab. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "view meta information". CVE...
Keyword Research - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-098
Keyword Research module enables you to tag and prioritize keywords on a site and node level basis. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause another user with "kwresearch admin site keywords" permission to create, delete and set priorities to...
Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090
The Password Policy module allows enforcing restrictions on user passwords by defining password policies. The module doesn't sufficiently sanitize usernames in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that only...
Ubercart Webform Checkout Pane - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-087
Ubercart Webform Checkout Pane module allows you to define Webform nodes as checkout/order panes in Ubercart. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an...
Petition - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-081
The Petition module enables you to create petitions which users may sign. The module doesn't sufficiently sanitize user supplied text in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role...