46 matches found
EUVD-2015-2304
Malware in sbrugna...
EUVD-2013-7157
Malware in sbrugna...
EUVD-2014-1477
Malware in sbrugna...
EUVD-2014-1478
Malware in sbrugna...
EUVD-2014-1476
Malware in sbrugna...
CVE-2015-2197
Cross-site scripting XSS vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API...
Access Control Bypass
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Access Control Bypass via a generic entity access API which was not completely integrated with existing permissions, resulting ...
[SECURITY] Fedora 29 Update: drupal7-entity-1.9-1.fc29
This module extends the entity API of Drupal core in order to provide a uni fied way to deal with entities and their properties. Additionally, it provides an entity CRUD controller, which helps simplifying the creation of new entity types. This package provides the following Drupal modules: entit...
[SECURITY] Fedora 30 Update: drupal7-entity-1.9-1.fc30
This module extends the entity API of Drupal core in order to provide a uni fied way to deal with entities and their properties. Additionally, it provides an entity CRUD controller, which helps simplifying the creation of new entity types. This package provides the following Drupal modules: entit...
CVE-2014-1400
The entityaccess API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors...
Design/Logic Flaw
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors...
CVE-2014-1399
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors...
CVE-2014-1398
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors...
Design/Logic Flaw
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors...
CVE-2014-1399
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors...
CVE-2014-1398
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors...
CVE-2014-1400
The entityaccess API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors...
CVE-2014-1399
CVE-2014-1399 affects Drupal’s Entity API module (Entity API, 7.x-1.x) prior to 7.x-1.3. The vulnerability in the entity wrapper access API may allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors. The NVD entry notes remote authen...
CVE-2014-1398
CVE-2014-1398 affects Drupal: the Entity API module (7.x-1.x) before 7.x-1.3 may let remote authenticated users bypass access restrictions on comment, user and node statistics properties via unspecified vectors. Connected documents confirm fixes in 7.x-1.3 (e.g., Fedora updates for drupal7-entity...
CVE-2014-1400
CVE-2014-1400 affects Drupal’s Entity API module (7.x-1.x) before 7.x-1.3. The entity_access API flaw could allow remote authenticated users to bypass access restrictions and read unpublished comments via unspecified vectors. The issue has a published remediation: upgrade to 7.x-1.3. If exploitat...