DRUPAL-CONTRIB-2026-017

This module enables you to easily theme and build an entire website using only their browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...

PT-2026-22088

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions prior to 1.1.1 Description A Server-Side Request Forgery SSRF issue exists in the Drupal Canvas module. The vulnerability is exposed when the hidden canvas ai submodule is enabled, typically through Drupal Recipes or...

EUVD-2013-0290

Malware in sbrugna...

CVE-2013-0260

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...

[SECURITY] Fedora 28 Update: drupal7-backup_migrate-3.5-1.fc28

Back up and restore your Drupal MySQL database, code, and files or migrate a site between environments. Backup and Migrate supports gzip, bzip and zip compression as well as automatic scheduled backups. With Backup and Migrate you can dump some or all of your database tables to a file download or...

[SECURITY] Fedora 21 Update: drupal7-migrate-2.8-1.fc21

The migrate module provides a flexible framework for migrating content into Drupal from other sources e.g., when converting a web site from another CMS to Drupal. Out-of-the-box, support for creating core Drupal objects such as nodes, users, files, terms, and comments are included - it can easily...

CVE-2013-0260

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...

CVE-2013-0260

CVE-2013-0260 refers to an information-disclosure vulnerability in the Drush Debian Packaging module for Drupal. The connected Drupal advisory (SA-CONTRIB-2013-014) states the module does not sufficiently protect database credentials, and exploitation requires shell access to the server. Affected...

CVE-2013-0260

Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors...

SA-CONTRIB-2013-014 - Drush Debian Packaging - Information Disclosure - Unsupported

This package is a tool to build debian packages from a Drupal instance. The module doesn't sufficiently protect database credentials. This vulnerability is mitigated by the fact that an attacker must have shell access to the server. CVE identifiers issued CVE-2013-0260 Versions affected All...

Cross site scripting

Cross-site scripting XSS vulnerability in the hostingtasklogtable function in modules/hosting/task/hostingtask.module in the Hostmaster Aegir module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log...

CVE-2012-2708

Cross-site scripting XSS vulnerability in the hostingtasklogtable function in modules/hosting/task/hostingtask.module in the Hostmaster Aegir module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log...