450 matches found
[SECURITY] Fedora 22 Update: drupal6-emfield-2.7-1.fc22
This extensible module will create fields for content types that can be used to display video, image, and audio files from various third party providers. When entering the content, the user will simply paste the URL or embed code from the third party, and the module will automatically determine...
Drupal Nodejs Module Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. Node.js is one of the modules that provides real-time push updates. An access bypass vulnerability exists in the Drupal Nodejs module. This vulnerability allows attackers to...
[SECURITY] Fedora 21 Update: drupal7-jquery_update-2.7-1.fc21
Upgrades the version of jQuery in Drupal core to a newer version of jQuery. This package provides the following Drupal module: jqueryupdate...
Drupal Entity Registration Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Entity Registration is one of the user registration modules. An information disclosure vulnerability exists in the Drupal Entity Registration module in versions 7.x-1.6 prior to 7.x-1.x...
[SECURITY] Fedora 22 Update: drupal7-jquery_update-2.6-1.fc22
Upgrades the version of jQuery in Drupal core to a newer version of jQuery. This package provides the following Drupal module: jqueryupdate...
[SECURITY] Fedora 21 Update: drupal6-views_bulk_operations-1.17-1.fc21
This module augments Views by allowing bulk operations to be executed on the displayed rows. It does so by showing a checkbox in front of each node, and adding a select box containing operations that can be applied. Drupal Core or Rules actions can be used. This package provides the following...
Spotlight - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-142
The Spotlight module provides a tool that mimics Mac OS X Spotlight functionality. It provides faster access to content, paths and uploaded files. The module doesn't sufficiently sanitize node titles when displayed in results. This vulnerability is mitigated by the fact that an attacker must have...
Quick Edit - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-137
This module enables you to in-place edit entities' fields. The module doesn't sufficiently filter entity titles under the scenario where the user starts in-place editing an entity. The module also doesn't sufficiently filter node titles under the scenario where a node is displayed albeit only on...
[SECURITY] Fedora 22 Update: drupal7-path_breadcrumbs-3.3-1.fc22
Path breadcrumbs module helps you to create breadcrumbs for any page with any selection rules and load any entity from the URL. Features Breadcrumbs navigation may be added to any kind of page: static example: node/1 or dynamic example: node/NID. You can load contexts from URL and use it like...
Drupal OSF for Drupal module cross-site request forgery vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. OSF for Drupal is one of the middle-tier modules that allows customization tools and data display for internally structured data RDF and related vocabularies ontologies. A cross-site...
Drupal OSF for Drupal Module Arbitrary File Deletion Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. OSF for Drupal is one of the middle-tier modules that allows customization tools and data display for internally structured data RDF and related vocabularies ontologies. An arbitrary...
[SECURITY] Fedora 21 Update: drupal7-views_bulk_operations-3.3-1.fc21
This module augments Views by allowing bulk operations to be executed on the displayed rows. It does so by showing a checkbox in front of each node, and adding a select box containing operations that can be applied. Drupal Core or Rules actions can be used. This package provides the following...
Drupal LABjs module open redirection vulnerability
Drupal is a free and open source content management system developed in PHP. An open redirection vulnerability exists in the Drupal LABjs module that allows an attacker to construct malicious URIs, trick users into parsing them, and redirect users to arbitrary web sites for phishing attacks...
CVE-2015-4364
Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitorlists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to...
Unspecified Vulnerability in Drupal Amazon AWS Module
Drupal is a free, open source content management system developed in the PHP language and maintained by the Drupal community. Amazon AWS is one of the modules that integrates with Amazon Web Services (AWS). A security vulnerability exists in the Drupal Amazon AWS module prior to version 7.x-1.3, which...
[SECURITY] Fedora 21 Update: drupal7-webform-4.7-1.fc21
Webform is the module for making surveys in Drupal. After a submission, users may be sent an e-mail "receipt" as well as sending a notification to administrators. Results can be exported into Excel or other spreadsheet applications. Webform also provides some basic statistical review and has and...
[SECURITY] Fedora 21 Update: drupal7-entity-1.6-1.fc21
This module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. Additionally, it provides an entity CRUD controller, which helps simplifying the creation of new entity types. This package provides the following Drupal modules: entit...
Multiple Cross-Site Request Forgery Vulnerabilities in Drupal Batch Jobs Module
Drupal is a free and open source content management system developed in PHP. Multiple cross-site request forgery vulnerabilities exist in the Drupal Batch Jobs module, which can be exploited by an attacker to perform certain unauthorized actions and gain access to affected applications...
[SECURITY] Fedora 20 Update: drupal7-date-2.8-1.fc20
This Drupal module contains both a flexible date/time field type and a Date API that other modules can use...
SA-CONTRIB-2014-050 - Commerce Postfinance ePayment - Access Bypass
The Commerce Postfinance ePayment module provides commerce payment methods for the Postfinance e-Payment service provider. The module doesn't sufficiently validate incoming payment notification (IPN) messages. Sending a specifically crafted IPN message to an affected site allows an attacker to crea...