EUVD-2012-2101

Malware in sbrugna...

EUVD-2009-2567

Malware in sbrugna...

CVE-2012-2096

The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter...

CVE-2012-2096

The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter...

Code injection

The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter...

CVE-2012-2096

The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter...

CVE-2012-2096

The CVE-2012-2096 issue concerns the Drupal Fivestar module (6.x-1.x prior to 6.x-1.20). The vulnerability stems from insufficient validation of votes submitted via the asynchronous voting widget, allowing remote attackers to manipulate voting averages by sending a negative vote value. The adviso...

SA-CONTRIB-2012-058 - Fivestar - Input Validation

CVE: CVE-2012-2096 The Fivestar module enables you to add a voting widget to nodes and comments. The module does not sufficiently validate all votes passed by the asynchronous voting widget allowing a malicious user to improperly modify voting averages. Versions affected Fivestar 6.x-1.x versions...

CVE-2009-2572

Cross-site request forgery CSRF vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes...

CVE-2009-2572

Cross-site request forgery CSRF vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes...

CVE-2009-2572

CVE-2009-2572 is a CSRF vulnerability in the Drupal Fivestar module (versions 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14). The issue lets remote attackers hijack the authentication of arbitrary users for requests that cast votes. Affected component/function: Fivestar voting requests with...

SA-CONTRIB-2009-025 - Fivestar - Cross-site request forgery

The Fivestar module provides a voting widget for content and records votes using Ajax. The URL used by the javascript to register votes is vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly vote for content. Versions affected Fivestar 5.x-1.x prior to...