20 matches found
EUVD-2015-5456
Malware in sbrugna...
EUVD-2012-2688
Malware in sbrugna...
hostmaster.loginsys.de Cross Site Scripting vulnerability OBB-3252736
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hostmaster.2mq.de Cross Site Scripting vulnerability OBB-3244657
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hostmaster.spireproperties.co.uk Cross Site Scripting vulnerability OBB-2367566
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2015-5501
The Hostmaster Aegir module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment...
Design/Logic Flaw
The Hostmaster Aegir module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment...
CVE-2015-5501
The Hostmaster Aegir module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment...
CVE-2015-5501
The CVE covers Drupal’s Hostmaster (Aegir) module (6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2). The underlying issue allows remote attackers to execute arbitrary PHP code by placing a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site envi...
Drupal Hostmaster Module Remote Code Execution Vulnerability
Drupal is a free and open source content management system developed in PHP. A security vulnerability exists in the Drupal Hostmaster module that allows remote attackers to exploit the vulnerability to submit special requests and execute arbitrary code...
Drupal Hostmaster (Aegir) 模块安全绕过漏洞
Bugtraq ID:61327 CNCAN ID:CNCAN-2013071902 Drupal是使用PHP语言编写的开源内容管理框架,它由内容管理系统和PHP开发框架共同构成 Drupal Hostmaster在运行任务时没有进行正确的授权,允许攻击者利用漏洞绕过限制访问其他受限功能 0 Drupal Hostmaster Aegir Module 6.x 厂商解决方案 Drupal Hostmaster Aegir Module 6.x-1.10已经修复此漏洞,建议用户下载更新: http://community.aegirproject.org/1.10...
SA-CONTRIB-2013-059 - Hostmaster (Aegir) - Access Bypass
This install profile and accompanying suite of modules enables you to install, upgrade, deploy, and backup Drupal sites among other things. The module doesn't sufficiently control access to running tasks on sites, under the scenario where a user successfully guesses a sites' path in the Aegir...
CVE-2012-2707
The Hostmaster Aegir module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes...
CVE-2012-2708
Cross-site scripting XSS vulnerability in the hostingtasklogtable function in modules/hosting/task/hostingtask.module in the Hostmaster Aegir module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log...
Cross site scripting
Cross-site scripting XSS vulnerability in the hostingtasklogtable function in modules/hosting/task/hostingtask.module in the Hostmaster Aegir module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log...
Design/Logic Flaw
The Hostmaster Aegir module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes...
CVE-2012-2707
The Hostmaster Aegir module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes...
CVE-2012-2707
CVE-2012-2707 affects the Hostmaster (Aegir) Drupal module (6.x-1.x) prior to 6.x-1.9. The issue is that the module does not properly exit when users lack access to package/task nodes, allowing remote attackers to bypass access restrictions and edit unauthorized nodes. This is a server-side acces...
SA-CONTRIB-2012-080 - Hostmaster (Aegir) - Access Bypass and Cross Site Scripting (XSS)
Cross Site Scripting CVE: CVE-2012-2708. Hostmaster displays a log from tasks executed in Aegir's backend component, provision. In certain circumstances these log messages were not escaped properly before being displayed to the user. This vulnerability is mitigated by the fact that people wishing...
SA-CONTRIB-2011-041 - Hostmaster (Aegir) - Cross Site Scripting
Hostmaster Aegir provides a system for managing Drupal sites. The theme in Hostmaster, Eldir, does not sanitize the custom body classes correctly leading to a cross site scripting XSS vulnerability that can be exploited when a user is made to view a specially crafted URL. If the user is logged in...