EUVD-2015-6598

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2022-25273

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow a...

DRUPAL-CORE-2022-008

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...

UBUNTU-CVE-2014-5021

Cross-site scripting XSS vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label...

JVN#45898075: Drupal Form API fails to validate the redirect URL

Drupal is a content management system CMS. Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Impact A remote attacker may change the redirect URL of a form. As a result, information such as authentication credentials may be disclosed...

SA-CONTRIB-2009-015 - Tokenauth - Access bypass

The Token authentication module allows access to RSS feeds via a token without having to provide your username and password to the site. Token authentication did not properly use the Drupal Form API which would allow a malicious user to learn the site administrator's token giving them the ability...