453 matches found
DRUPAL-CONTRIB-2018-022
This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...
DRD Agent - Critical - PHP object injection - SA-CONTRIB-2018-022
This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...
DRUPAL-CONTRIB-2018-018
This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability...
Drupal avatar_uploader arbitrary file download vulnerability
avataruploader is the module used to implement the function of uploading user images in a content management system maintained by the Drupal community. A security vulnerability exists in avataruploader version 7.x-1.0-beta8, which is caused by code in the view.php file that fails to validate user...
DRUPAL-CONTRIB-2018-015
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently associate cacheability metadata in certain situations thereby causing an access bypass vulnerability. This vulnerability is mitigated b...
DRUPAL-CONTRIB-2018-008
This module enables you to show referenced entities in tabs. The module doesn't sufficiently sanitize the body fields of the referenced entities when it prints them to the tabs. This vulnerability is mitigated by the fact that an attacker must have a role with the permission create/edit content o...
DRUPAL-CONTRIB-2018-002
The Node view permissions module enables the "View own content" and "View any content" permissions for each content type on the permissions page. This module has a vulnerability that allows users with these permissions to view unpublished content that they are not otherwise authorized to view. Th...
DRUPAL-CONTRIB-2018-001
This module enables content editors to create complex pages and layouts on the fly without the help from a developer, using reusable widgets. The module does not sufficiently filter values posted to its AJAX endpoint, which leads to the instantiation of an arbitrary PHP class. This vulnerability ...
DRUPAL-CONTRIB-2017-094
The Link Click Count module helps you to monitor the traffic to your website by creating link fields. These link fields can be individual links or internal/external links that can be added to the content type. The security team is marking this module unsupported. There is a known security issue...
Directory based organisational layer - Critical - Unsupported - SA-CONTRIB-2017-096
This module adds a new organizational layer to Drupal, making it easy for managing large numbers of files and nodes. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. The security team takes action in...
DRUPAL-CONTRIB-2017-091
The Configuration Update Reports sub-module in the Configuration Update module project enables you to run reports to see what configuration on your site differs from the configuration distributed by a module, theme, or installation profile, and to revert, delete, or import configuration. This...
DRUPAL-CONTRIB-2017-082
The Permissions by Term module extends Drupal by adding functionality for restricting access to single nodes via taxonomy terms. The module grants access to nodes that are being blocked by other node access modules and that the Permissions by Term module does not intend to control. Additionally, ...
CVE-2015-7980
Cross-site scripting XSS vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...
H5P - Critical - Reflected Cross Site Scripting (XSS) - DRUPAL-SA-CONTRIB-2017-071
The H5P module helps create interactive videos, question sets, drag and drop questions, multichoice questions, boardgames, presentations, flashcards and more using Drupal. The module does not sufficiently filter text prior to printing it back to the page, leading to a Reflected Cross Site Scripti...
[SECURITY] Fedora 24 Update: drupal7-title-1.0-0.7.alpha9.fc24
While working on the new content translation system http://api.drupal.org/api/group/fieldlanguage/7 for Drupal 7, we the Dr upal core i18n team faced the need to convert node titles to the Field API in o rder to make nodes fully translatable. We were not able to make this happen in Drupal 7 core ...
Multiple Vulnerabilities in Drupal Permissions by Term
The Permissions by Term module is a module from Drupal. The module provides both front-end and back-end functionality. No programming skills are required, and the module can be handled by the Drupal site builder through a user interface in a web browser. Permissions by Term module version 8.x-1.1...
[SECURITY] Fedora 24 Update: drupal7-google_analytics-2.3-1.fc24
Adds the Google Analytics web statistics tracking system to your website. This package provides the following Drupal module: googleanalytics...
[SECURITY] Fedora 23 Update: drupal7-google_analytics-2.3-1.fc23
Adds the Google Analytics web statistics tracking system to your website. This package provides the following Drupal module: googleanalytics...
Drupal CAS Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.CAS is one of the modules of the Java-based single sign-on solution. An information disclosure vulnerability exists in the Drupal CAS module in versions 7.x-1.5 prior to 7.x-1.x, which...
[SECURITY] Fedora 22 Update: drupal7-block_class-2.3-1.fc22
Block Class allows users to add classes to any block through the block's configuration interface. By adding a very short snippet of PHP to a theme's block.tpl.php file, classes can be added to the parent element of a block. This package provides the following Drupal module: blockclass...