20 matches found
EUVD-2012-1094
Malware in sbrugna...
EUVD-2012-1093
Malware in sbrugna...
CVE-2012-3526
The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...
CVE-2012-3526
The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the...
CVE-2012-1056
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for 1 Recent forwards, 2 Most forwarded, or 3 Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors...
Code injection
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for 1 Recent forwards, 2 Most forwarded, or 3 Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors...
CVE-2012-1057
Cross-site request forgery CSRF vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the...
CVE-2012-1056
CVE-2012-1056 concerns the Drupal Forward module (6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3). The issue is improper permission checks for the Recent forwards, Most forwarded, and Dynamic blocks, enabling remote attackers to obtain node titles via unspecified vectors. The related Drupal S...
CVE-2012-1057
CVE-2012-1057 describes a CSRF vulnerability in the Forward module (Drupal) across 6.x-1.x and 7.x-1.x series, where the clickthrough tracking feature could be abused to hijack an administrator’s session and raise node rankings via tracking requests, potentially linked to inadequate flood control...
CVE-2012-1057
Cross-site request forgery CSRF vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the...
CVE-2012-1056
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for 1 Recent forwards, 2 Most forwarded, or 3 Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors...
SA-CONTRIB-2012-016 - Forward module CSRF and Access bypass
The Forward module enables you to add a "forward this page" link to each node. The link takes regular site visitors to a form where they can generate an email to a friend. The module exhibits multiple vulnerabilities as described below. The module includes "Recent forwards" and "Most forwarded"...
SA-CONTRIB-2011-035 Forward module - Open redirect
The Forward module enables you to add a "forward this page" link to each node. The link takes regular site visitors to a form where they can generate an email to a friend. The module doesn't check to ensure that the page being forwarded refers to an internal path. This could allow someone to hard...
SA-CONTRIB-2010-003 - Forward - Cross site scripting
This module allows users to forward a link to a specific node on your site to a friend. The Forward module does not properly sanitize user supplied data, allowing users with the "access administration pages" and "administer forward" permissions, or users with "access administration pages" and...
SA-CONTRIB-2009-009 Forward module can be used as a spam relay
This vulnerability allows spammers or spambots to use sites with the Forward module installed to send nearly unlimited e-mail. Due to improper use of Drupal's flood control API, it is possible for one user to send an unlimited numbers of mails using the forward module. Important note : the securi...
CVE-2007-3690
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
CVE-2007-3690
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
CVE-2007-3690
CVE-2007-3690 affects Drupal’s Forward module (before 4.7-1.1 and before 5.x-1.0 for 5.x) where remote attackers can read restricted posts in modules such as Organic Groups, Taxonomy Access Control, and Taxonomy Access Lite by supplying modified URL arguments. The vulnerability is a cross-module ...
Forward - Access bypass
The Forward module is a module that allows site administrators to add links to postings that let users email the current page to a third party. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such a...