Github Security Blog
added 2024/05/30 12:35 p.m., 19 views

Symfony2 improper IP based access control

Damien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp method when the trust proxy mode is enabled (Request::trustProxyData). An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp...

AI score: 7.1
Exploits: 0, References: 5, Affected software: 1
FreeBSD
added 2019/02/20 12:00 a.m., 43 views

drupal -- Drupal core - Highly critical - Remote Code Execution

Drupal Security Team: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...

CVSS: 8.1, AI score: 2, EPSS: 0.9441
Exploits: 22, References: 1
Drupal
added 2018/10/17 12:00 a.m., 562 views

Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

Content moderation - Moderately critical - Access bypass - Drupal 8: In some conditions, content moderation fails to check a user's access to use certain transitions, leading to an access bypass. In order to fix this issue, the following changes have been made to content moderation which may have...

AI score: 8.4
Exploits: 0, References: 31
Drupal
added 2018/06/13 12:00 a.m., 16 views

Custom Tokens - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-041

The Custom Tokens module enables you to create custom tokens for specific replacements that can improve other modules relying on the token API. The module doesn't sufficiently identify that its custom permissions are risky and should only be granted to highly trusted roles. This vulnerability is...

AI score: 6.4
Exploits: 0, References: 9
Drupal
added 2017/09/20 12:00 a.m., 10 views

Skype Status - Moderately Critical - Cross Site Scripting - DRUPAL-SA-CONTRIB-2017-076

This module enables you to obtain the status for a user's Skype account. The module doesn't sufficiently sanitize the user input for their Skype ID. This vulnerability is mitigated by the fact that an attacker must have an account on the site and be allowed to edit/input their Skype ID. CVE...

AI score: 6.8
Exploits: 0, References: 11
Drupal
added 2017/08/09 12:00 a.m., 12 views

Better field descriptions - Critical - XSS - SA-CONTRIB-2017-064

This module enables you to add themeable descriptions to fields in forms. The module doesn't sufficiently sanitize descriptions. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "add better descriptions to fields". CVE identifiers issued: A CVE...

AI score: 7
Exploits: 0, References: 12
Drupal
added 2017/08/02 12:00 a.m., 14 views

Alinks - Moderately Critical - Access bypass - SA-CONTRIB-2017-058

This module enables you to automatically link keywords to specific URLs. This module has an insufficient access check on the delete route. Alinks uses the wrong permission for an access check. CVE identifiers issued: A CVE identifier will be requested, and added upon issuance, in accordance with...

AI score: 7.1
Exploits: 0, References: 12
Drupal
added 2017/05/03 12:00 a.m., 15 views

shib_auth - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-043

This module enables you to log in via Shibboleth. The module doesn't sufficiently log out the user when the shib session expires, which depending on the caching mechanism makes private data public. This vulnerability is mitigated by the fact that shibauth would have to be used in combination with a...

AI score: 7
Exploits: 0, References: 12
FreeBSD
added 2017/04/19 12:00 a.m., 19 views

drupal8 -- Drupal Core - Critical - Access Bypass

Drupal Security Team Reports: CVE-2017-6919: Access bypass...

CVSS: 7.5, AI score: 1.9, EPSS: 0.00598
Exploits: 1
Drupal
added 2017/02/22 12:00 a.m., 10 views

Timezone Detect - Moderately Critical - Cross Site Request Forgery - SA-CONTRIB-2017-020

This module enables sites to automatically detect and set user timezones via JavaScript. The module does not sufficiently protect against Cross-Site Request Forgery (CSRF): an attacker could use this vulnerability to manipulate a user's timezone setting. The security implication of this issue depen...

AI score: 7
Exploits: 0, References: 11
Drupal
added 2017/02/08 12:00 a.m., 12 views

Acquia Content Hub - Moderately Critical - Access Bypass - SA-CONTRIB-2017-013

The Acquia Content Hub module enables the distribution and discovery of content from any source using the Acquia Content Hub service. The module allows rendering of any arbitrary entity, without performing the appropriate access check. Users browsing to a well-crafted URL could access information...

AI score: 7
Exploits: 0, References: 15
Drupal
added 2017/01/04 12:00 a.m., 19 views

Doubleclick for Publishers (DFP) - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-002

This module enables you to place advertisements on your site that are served by Google's DFP (Doubleclick for Publisher) service. The module has multiple Cross Site Scripting (XSS) vulnerabilities due to not sufficiently escaped fields. The "administer DFP" permission is not marked as restricted...

AI score: 6.3
Exploits: 0, References: 13
Drupal
added 2016/11/30 12:00 a.m., 19 views

Elysia Cron - Critical - Arbitrary PHP code execution - SA-CONTRIB-2016-062

This module enables you to manage cron jobs. The module allows users with the permission "Administer elysia cron" to execute arbitrary PHP code via cron. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer elysia cron". This permission is...

AI score: 7.9
Exploits: 0, References: 12
Drupal
added 2016/10/26 12:00 a.m., 9 views

Tripal BLAST UI - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-054

This module enables you to run NCBI BLAST jobs on the host system. The module doesn't sufficiently validate advanced options available to users submitting BLAST jobs, thereby exposing the ability to enter a short snippet of shell code that will be executed when the BLAST job is run. This...

AI score: 7.2
Exploits: 0, References: 12
Drupal
added 2016/09/07 12:00 a.m., 10 views

Flag Lists - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2016-051

This module enables regular users to create unlimited private flags called lists. The flaglists module doesn't sufficiently filter the output when applying token strings to flaglists links, leading to a persistent Cross Site Scripting (XSS) attack. This vulnerability is mitigated by the fact that an...

AI score: 6.2
Exploits: 0, References: 12
Drupal
added 2016/08/10 12:00 a.m., 12 views

OAuth2 Client - Moderately Critical - Cross Site Request Forgery - SA-CONTRIB-2016-044

This module provides an OAuth2 client. The module does not check the validity of the state parameter, during server-side flow, before getting a token. This may allow a malicious user to feed a fake access token to another user, and subsequently provide him fake data from the server. This page...

AI score: 7
Exploits: 0, References: 13
FreeBSD
added 2016/06/15 12:00 a.m., 23 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: Saving user accounts can sometimes grant the user all roles (User module - Drupal 7 - Moderately Critical); Views can allow unauthorized users to see Statistics information (Views module - Drupal 8 - Less Critical)...

CVSS: 8.8, AI score: 3.4, EPSS: 0.01128
Exploits: 0, References: 2
Drupal
added 2016/06/08 12:00 a.m., 11 views

REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033

This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including: Node access bypass, Comment access bypass, User enumeration, Field access bypass, User registration bypass, Blocked user login, Session name guessing, Session enumeration...

AI score: 7.3
Exploits: 0, References: 10
Drupal
added 2016/03/23 12:00 a.m., 9 views

Login one time - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-017

The Login one time module provides the ability to email one-time login links to users. The module doesn't sufficiently sanitize user input supplied to an ajax callback function. CVE identifiers issued: A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security...

AI score: 7.1
Exploits: 0, References: 12
Drupal
added 2016/03/16 12:00 a.m., 13 views

Fast Autocomplete - Critical - DOS vulnerability - SA-CONTRIB-2016-016

This module enables you to show IMDB-like suggestions when entering terms into an input field, using json files to "cache" suggestions, making the autocomplete very fast. The module doesn't sufficiently validate the incoming language parameter in the request path when a json file of the module is...

AI score: 7.1
Exploits: 0, References: 14