22 matches found
EUVD-2012-3747
Malware in sbrugna...
EUVD-2013-0335
Malware in sbrugna...
EUVD-2008-3084
Malware in sbrugna...
EUVD-2013-4132
Malware in sbrugna...
EUVD-2008-3085
Malware in sbrugna...
EUVD-2009-3627
Malware in sbrugna...
EUVD-2025-4587
Malicious code in bioql PyPI...
CVE-2012-5539
The Organic Groups OG module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved...
GHSA-47WW-FF84-4JRG Cosmos SDK: x/group can halt when erroring in EndBlocker
Name: ISA-2025-002: x/group can halt when erroring in EndBlocker Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.47.16, = 0.50.12 Affected users: Validators, Full nodes, Users on chains that utilize the groups module Cosmos SDK...
GO-2025-3476 Cosmos SDK: Groups module can halt chain when handling a malicious proposal in github.com/cosmos/cosmos-sdk
Cosmos SDK: Groups module can halt chain when handling a malicious proposal in github.com/cosmos/cosmos-sdk...
Cosmos: Groups module can halt chain when handling a proposal with malicious group weights
The Cosmos SDK's groups module contained a vulnerability that could cause a chain to halt when handling a proposal with malicious group weights. The issue was triggered by a division operation that could fail due to the exponent of the resulting value being out of range, leading to a panic and...
GHSA-X5VX-95H7-RV4P Cosmos SDK: Groups module can halt chain when handling a malicious proposal
Name: ASA-2025-003: Groups module can halt chain when handling a malicious proposal Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.47.15, = 0.50.11 Affected users: Validators, Full nodes, Users on chains that utilize the groups...
Cosmos SDK: Groups module can halt chain when handling a malicious proposal
Name: ASA-2025-003: Groups module can halt chain when handling a malicious proposal Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.47.15, = 0.50.11 Affected users: Validators, Full nodes, Users on chains that utilize the groups...
PT-2025-7650 · Cosmossdk · Cosmossdk
Name of the Vulnerable Software and Affected Versions: CosmosSDK versions = 0.47.15 CosmosSDK versions = 0.50.11 Description: An issue was discovered in the groups module where a malicious proposal would result in a division by zero, and subsequently halt a chain due to the resulting error. Any...
DRUPAL-CONTRIB-2022-038
The module adds a "Clone" tab to a node. When clicked, a new node is created and fields from the previous node are populated into the new fields. This module supports paragraphs, groups, and other referenced entities. The module has a vulnerability which allows attackers to bypass the protection ...
Drupal Organic groups module access bypass vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Organic groups is one of the modules that allows users to create and manage their own groups. A security vulnerability exists in the Drupal Organic groups module that could be exploited...
Phorum 5.1.20 admin.php Groups Module group_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
CVE-2012-2721
The default views in the Organic Groups OG module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact...
CVE-2012-3800
Cross-site scripting XSS vulnerability in og.js in the Organic Groups OG module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title...
Sql injection
SQL injection vulnerability in pickusers.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the unamesearch parameter. NOTE: some of these details are obtained from third party information...