Lucene search
K

453 matches found

OSV
OSV
added 2018/04/25 5:37 p.m.3 views

DRUPAL-CONTRIB-2018-022

This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...

7.2AI score
Exploits0References1
Drupal
Drupal
added 2018/04/25 12:0 a.m.5 views

DRD Agent - Critical - PHP object injection - SA-CONTRIB-2018-022

This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...

7.4AI score
Exploits0References3
OSV
OSV
added 2018/04/18 3:45 p.m.4 views

DRUPAL-CONTRIB-2018-018

This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2018/04/09 12:0 a.m.5 views

Drupal avatar_uploader arbitrary file download vulnerability

avataruploader is the module used to implement the function of uploading user images in a content management system maintained by the Drupal community. A security vulnerability exists in avataruploader version 7.x-1.0-beta8, which is caused by code in the view.php file that fails to validate user...

7.5CVSS7.1AI score0.56924EPSS
Exploits6References1
OSV
OSV
added 2018/02/21 8:12 p.m.3 views

DRUPAL-CONTRIB-2018-015

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently associate cacheability metadata in certain situations thereby causing an access bypass vulnerability. This vulnerability is mitigated b...

6.7AI score
Exploits0References1
OSV
OSV
added 2018/02/07 6:45 p.m.3 views

DRUPAL-CONTRIB-2018-008

This module enables you to show referenced entities in tabs. The module doesn't sufficiently sanitize the body fields of the referenced entities when it prints them to the tabs. This vulnerability is mitigated by the fact that an attacker must have a role with the permission create/edit content o...

6.7AI score
Exploits0References1
OSV
OSV
added 2018/01/10 6:2 p.m.3 views

DRUPAL-CONTRIB-2018-002

The Node view permissions module enables the "View own content" and "View any content" permissions for each content type on the permissions page. This module has a vulnerability that allows users with these permissions to view unpublished content that they are not otherwise authorized to view. Th...

6.9AI score
Exploits0References1
OSV
OSV
added 2018/01/10 5:57 p.m.3 views

DRUPAL-CONTRIB-2018-001

This module enables content editors to create complex pages and layouts on the fly without the help from a developer, using reusable widgets. The module does not sufficiently filter values posted to its AJAX endpoint, which leads to the instantiation of an arbitrary PHP class. This vulnerability ...

6.9AI score
Exploits0References1
OSV
OSV
added 2017/12/20 2:12 p.m.2 views

DRUPAL-CONTRIB-2017-094

The Link Click Count module helps you to monitor the traffic to your website by creating link fields. These link fields can be individual links or internal/external links that can be added to the content type. The security team is marking this module unsupported. There is a known security issue...

6.8AI score
Exploits0References1
Drupal
Drupal
added 2017/12/20 12:0 a.m.4 views

Directory based organisational layer - Critical - Unsupported - SA-CONTRIB-2017-096

This module adds a new organizational layer to Drupal, making it easy for managing large numbers of files and nodes. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. The security team takes action in...

7.3AI score
Exploits0References2
OSV
OSV
added 2017/12/06 6:44 p.m.3 views

DRUPAL-CONTRIB-2017-091

The Configuration Update Reports sub-module in the Configuration Update module project enables you to run reports to see what configuration on your site differs from the configuration distributed by a module, theme, or installation profile, and to revert, delete, or import configuration. This...

6.7AI score
Exploits0References1
OSV
OSV
added 2017/11/08 5:16 p.m.1 views

DRUPAL-CONTRIB-2017-082

The Permissions by Term module extends Drupal by adding functionality for restricting access to single nodes via taxonomy terms. The module grants access to nodes that are being blocked by other node access modules and that the Permissions by Term module does not intend to control. Additionally, ...

6.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2017/10/03 1:29 a.m.1 views

CVE-2015-7980

Cross-site scripting XSS vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...

6.1CVSS5.8AI score0.01271EPSS
Exploits0References6
Drupal
Drupal
added 2017/08/30 12:0 a.m.14 views

H5P - Critical - Reflected Cross Site Scripting (XSS) - DRUPAL-SA-CONTRIB-2017-071

The H5P module helps create interactive videos, question sets, drag and drop questions, multichoice questions, boardgames, presentations, flashcards and more using Drupal. The module does not sufficiently filter text prior to printing it back to the page, leading to a Reflected Cross Site Scripti...

5.6AI score
Exploits0References13
Fedora
Fedora
added 2017/02/11 3:50 p.m.16 views

[SECURITY] Fedora 24 Update: drupal7-title-1.0-0.7.alpha9.fc24

While working on the new content translation system http://api.drupal.org/api/group/fieldlanguage/7 for Drupal 7, we the Dr upal core i18n team faced the need to convert node titles to the Field API in o rder to make nodes fully translatable. We were not able to make this happen in Drupal 7 core ...

0.1AI score
Exploits0
CNVD
CNVD
added 2017/01/10 12:0 a.m.1 views

Multiple Vulnerabilities in Drupal Permissions by Term

The Permissions by Term module is a module from Drupal. The module provides both front-end and back-end functionality. No programming skills are required, and the module can be handled by the Drupal site builder through a user interface in a web browser. Permissions by Term module version 8.x-1.1...

6.4AI score
Exploits0References1
Fedora
Fedora
added 2016/09/22 12:29 a.m.13 views

[SECURITY] Fedora 24 Update: drupal7-google_analytics-2.3-1.fc24

Adds the Google Analytics web statistics tracking system to your website. This package provides the following Drupal module: googleanalytics...

3.2AI score
Exploits0
Fedora
Fedora
added 2016/09/21 8:25 p.m.22 views

[SECURITY] Fedora 23 Update: drupal7-google_analytics-2.3-1.fc23

Adds the Google Analytics web statistics tracking system to your website. This package provides the following Drupal module: googleanalytics...

3.2AI score
Exploits0
CNVD
CNVD
added 2016/05/27 12:0 a.m.2 views

Drupal CAS Module Information Disclosure Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.CAS is one of the modules of the Java-based single sign-on solution. An information disclosure vulnerability exists in the Drupal CAS module in versions 7.x-1.5 prior to 7.x-1.x, which...

6.2AI score
Exploits0References1
Fedora
Fedora
added 2016/04/22 1:52 a.m.37 views

[SECURITY] Fedora 22 Update: drupal7-block_class-2.3-1.fc22

Block Class allows users to add classes to any block through the block's configuration interface. By adding a very short snippet of PHP to a theme's block.tpl.php file, classes can be added to the parent element of a block. This package provides the following Drupal module: blockclass...

5.4CVSS3.2AI score0.01116EPSS
Exploits0
Rows per page
Query Builder