Lucene search
+L

347 matches found

Drupal
Drupal
added 2015/12/02 12:0 a.m.17 views

Mollom - Critical - Access bypass - SA-CONTRIB-2015-168

The Mollom module allows users to protect their website from spam. As part of the spam protection, Mollom enables the website administrator to create a blacklist. When content is submitted that matches terms on the black list it will be automatically marked as spam and rejected per the site...

7.5CVSS7.5AI score0.01291EPSS
Exploits0References10
Drupal
Drupal
added 2015/11/11 12:0 a.m.27 views

UC Profile - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-165

UC Profile module enables you to collect profile fields for users during the checkout process of Ubercart as a checkout pane. The module doesn't sufficiently check access to profiles under certain circumstances. Depending on the information being collected, sensitive data may be exposed. This...

4.3CVSS6.1AI score0.01087EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2015/09/08 12:0 a.m.33 views

Fedora 21 : drupal6-6.37-1.fc21 (2015-14442)

"Maintenance and security release of the Drupal 6 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 No other fixes are...

7.5CVSS7.3AI score0.0506EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2015/09/08 12:0 a.m.37 views

Fedora 23 : drupal6-6.37-1.fc23 (2015-14443)

"Maintenance and security release of the Drupal 6 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 No other fixes are...

7.5CVSS7.3AI score0.0506EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2015/09/08 12:0 a.m.28 views

Fedora 22 : drupal6-6.37-1.fc22 (2015-14444)

"Maintenance and security release of the Drupal 6 series. This release fixes security vulnerabilities. Sites are urged to upgrade immediately after reading the notes below and the security announcement: Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003 No other fixes are...

7.5CVSS7.3AI score0.0506EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2015/08/26 12:0 a.m.62 views

Drupal 6.x < 6.37 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 6.x prior to 6.37. It is, therefore, potentially affected by the following vulnerabilities : - A cross-site scripting vulnerability exists in the autocomplete functionality due to improper validation of input passed via requested URLs. ...

6.8CVSS5.7AI score0.02766EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2015/08/24 2:0 p.m.31 views

CVE-2015-6658

Removed by vendor...

4.3CVSS6.6AI score0.02494EPSS
Exploits0
Cvelist
Cvelist
added 2015/08/24 2:0 p.m.28 views

CVE-2015-6658

Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...

5.3AI score0.02494EPSS
Exploits0References10
Drupal
Drupal
added 2015/08/19 12:0 a.m.35 views

Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141

Cross Site Scripting XSS Ctools in Drupal 6 provides a number of APIs and extensions for Drupal, and is a dependency for many of the most popular modules, including Views, Panels and Entityreference. Many features introduced in Drupal Core once lived in ctools. This vulnerability can be mitigated...

7.5CVSS7.3AI score0.02689EPSS
Exploits0References18
Drupal
Drupal
added 2015/08/19 12:0 a.m.658 views

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-003

This security advisory fixes multiple vulnerabilities. See below for a list. Cross-site Scripting - Ajax system - Drupal 7 A vulnerability was found that allows a malicious user to perform a cross-site scripting attack by invoking Drupal.ajax on a whitelisted HTML element. This vulnerability is...

7.5CVSS7.7AI score0.0506EPSS
Exploits0References37
Fedora
Fedora
added 2015/08/07 1:14 p.m.12 views

[SECURITY] Fedora 22 Update: drupal6-cck-2.10-1.fc22

The Content Construction Kit allows you to add custom fields to custom content types using a web interface. In Drupal 5.x, custom content types can be created in Drupal core, and the Content Construction Kit allows you to add custom fields to any content type. In Drupal 7 and later, most of the...

2.3AI score
Exploits0
Drupal
Drupal
added 2015/08/05 12:0 a.m.18 views

Compass Rose - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-138

Compass Rose module provides a type of CCK field that allows to represent the most common orientations North, North-East, East, South-East, South, South-West, West and North-West. The module was embedding a JavaScript library from an external source that was not reliable, thereby exposing the sit...

6.1CVSS6.1AI score0.01271EPSS
Exploits0References10
Drupal
Drupal
added 2015/07/01 12:0 a.m.17 views

Views Bulk Operations - Moderately critical - Access Bypass - SA-CONTRIB-2015-131

The Views Bulk Operations module enables you to add bulk operations to administration views, executing actions on multiple selected rows. The module doesn't sufficiently guard user entities against unauthorized modification. If a user has access to a user account listing view with VBO enabled suc...

4.9CVSS6.3AI score0.01088EPSS
Exploits0References10
Drupal
Drupal
added 2015/06/24 12:0 a.m.27 views

Shibboleth authentication - Moderately critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129

Shibboleth authentication module allows users to log in and get permissions based on federated SAML2 authentication. The module didn't filter the text that is displayed as a login link. This vulnerability was mitigated by the fact that an attacker must have a role with the permission Administer...

2.1CVSS6.5AI score0.00996EPSS
Exploits0References10
Drupal
Drupal
added 2015/06/17 12:0 a.m.17 views

The eXtensible Catalog (XC) Drupal Toolkit - Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-121

The eXtensible Catalog Drupal Toolkit is a set of Drupal modules to harvest records of the XC Schema format from a Metadata Services Toolkit MST. The XC NCIP Provider module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause a user with "administer ncip providers"...

5.1CVSS6.3AI score0.00756EPSS
Exploits0References9
Drupal
Drupal
added 2015/04/29 12:0 a.m.23 views

Camtasia Relay - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-100

This module enables you to integrate your Drupal site with TechSmith Relay software. The module doesn't sufficiently sanitize user input under the meta access tab. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "view meta information". CVE...

4.3CVSS6.2AI score0.01184EPSS
Exploits0References13
Drupal
Drupal
added 2015/04/22 12:0 a.m.14 views

Keyword Research - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-098

Keyword Research module enables you to tag and prioritize keywords on a site and node level basis. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause another user with "kwresearch admin site keywords" permission to create, delete and set priorities to...

5.1CVSS6.2AI score0.00646EPSS
Exploits0References9
Drupal
Drupal
added 2015/04/01 12:0 a.m.21 views

Password Policy - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-090

The Password Policy module allows enforcing restrictions on user passwords by defining password policies. The module doesn't sufficiently sanitize usernames in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that only...

2.6CVSS6.2AI score0.01178EPSS
Exploits0References10
Drupal
Drupal
added 2015/03/25 12:0 a.m.25 views

Ubercart Webform Checkout Pane - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-087

Ubercart Webform Checkout Pane module allows you to define Webform nodes as checkout/order panes in Ubercart. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an...

3.5CVSS6AI score0.01122EPSS
Exploits0References12
Drupal
Drupal
added 2015/03/25 12:0 a.m.15 views

Petition - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-081

The Petition module enables you to create petitions which users may sign. The module doesn't sufficiently sanitize user supplied text in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role...

2.1CVSS6AI score0.00949EPSS
Exploits0References9
Rows per page
Query Builder