Lucene search
K

11 matches found

Patchstack
Patchstack
added 2024/08/28 12:0 a.m.3 views

Drupal Advanced Varnish module < 4.0.11 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Heine Deelstra in WordPress Module Advanced Varnish versions 4.0.11...

7AI score
Exploits0References1Affected Software1
Drupal
Drupal
added 2016/09/21 12:0 a.m.641 views

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

Users without "Administer comments" can set comment visibility on nodes they can edit. Less critical Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. Cross-site Scripting in http...

6.1CVSS5.1AI score0.01716EPSS
Exploits0References23
Drupal
Drupal
added 2013/08/07 12:0 a.m.26 views

SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF)

This module enables users to sign into a Drupal website using Mozilla Persona. The module uses a security token to ensure that a sign-in request is made from a web page that is participating in the current session. It was possible for a security token that was not of type "string" to be accepted ...

8.8CVSS8.6AI score0.00761EPSS
Exploits0References10
Drupal
Drupal
added 2012/10/17 12:0 a.m.667 views

SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

Multiple vulnerabilities were discovered in Drupal core. Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PH...

6.8CVSS7AI score0.15812EPSS
Exploits4References18
Drupal
Drupal
added 2012/07/25 12:0 a.m.17 views

SA-CONTRIB-2012-118 - Secure Login - Open Redirect

Secure Login module enables the user login and other forms to be submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in clear text. In addition, Secure Login module by default redirects non-HTTPS GET requests for pages containing forms that i...

6.8AI score
Exploits0References11
Drupal
Drupal
added 2012/06/27 12:0 a.m.26 views

SA-CONTRIB-2012-105 - Hashcash - Cross Site Scripting (XSS)

The Hashcash project is an implementation of a Proof Of Work POW or Puzzle scheme where users of a service have to do computational work to have their request granted. In the case of the Drupal Hashcash project, the service is 'form submission' and the Proof Of Work is a token that causes a parti...

2.6CVSS5.7AI score0.01155EPSS
Exploits0References8
Drupal
Drupal
added 2012/03/14 12:0 a.m.26 views

SA-CONTRIB-2012-040 - CKEditor and FCKeditor - multiple XSS, arbitrary code execution

CKEditor and its predecessor FCKeditor allow Drupal to replace textarea fields with the FCKEditor - a visual HTML WYSIWYG editor. The modules have an AJAX callback that filters text to prevent Cross site scripting attacks on content edits. This AJAX callback function contains a number of bugs whi...

6.8CVSS5.9AI score0.0153EPSS
Exploits0References9
Drupal
Drupal
added 2011/11/02 12:0 a.m.11 views

SA-CONTRIB-2011-052 - Views SQL Injection

The Views module enables you to list content in your site in various ways. The module doesn't sufficiently escape database parameters for certain filters/arguments on certain types of views with specific configurations of arguments. Versions affected Views 6.x-2.x versions prior to 6.x-2.13 Drupa...

7.1AI score
Exploits0References12
Drupal
Drupal
added 2009/09/30 12:0 a.m.19 views

SA-CONTRIB-2009-069 - Shared Sign On - Cross Site Scripting

The Shared Sign On module enables users to log into one Drupal site and be automatically logged into multiple related Drupal sites. The module suffers multiple vulnerabilities, including Cross Site Request Forgeries CSRF and Session fixation problem Session Fixation. This problem allows an attack...

7AI score
Exploits0References8
Drupal
Drupal
added 2008/07/02 12:0 a.m.11 views

SA-2008-041 - Taxonomy autotagger - Multiple vulnerabilities

The Taxonomy Autotagger will automatically tag a post with terms from a vocabulary if the terms are found in the content of the post. The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with th...

7.5AI score
Exploits0References7
securityvulns
securityvulns
added 2007/07/31 12:0 a.m.41 views

[DRUPAL-SA-2007-017] Drupal 5.2 fixes multiple CSRF vulnerabilities

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2007-017 ---------------------------------------------------------------------------- Project: Drupal core Version: 5.x Date: 2007-July-26 Security risk: Moderately critical Exploitable...

6.9AI score
Exploits0
Rows per page
Query Builder