14 matches found
EUVD-2012-5588
Malware in sbrugna...
EUVD-2012-5587
Malware in sbrugna...
CVE-2012-5705
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."...
CVE-2012-5704
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself...
CVE-2012-5705
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."...
CVE-2012-5704
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself...
Design/Logic Flaw
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."...
CVE-2012-5704
CVE-2012-5704 affects the Drupal Hotblocks module (6.x-1.x) prior to 6.x-1.8. The flaw allows remote authenticated users with the "administer hotblocks" permission to trigger a DoS by configuring a hotblock that references itself, causing an infinite loop/time‑out. The impact is a site denial of ...
CVE-2012-5705
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."...
CVE-2012-5704
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself...
Drupal Hotblocks 6.x Cross Site Scripting
For the curious: XSS Exploit: 1. Install and enable the HotBlocks module 2. Navigate the Hotblocks setting page at ?q=admin/settings/hotblocks 3. Change Block 1 Name to "alert'xss';" 4. View the rendered Javascript at...
SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS)
The Hotblocks module provides an enhanced GUI for administering blocks and block content that is intended to be simpler and more controllable for less privileged users than the default block administration tools. Cross Site Scripting (XSS): The module doesn't sufficiently sanitize the user input for...
SA-CONTRIB-2011-051 - Hotblocks module - multiple vulnerabilities
The HotBlocks module provides a rich experience for managing blocks. The module contained multiple vulnerabilities including Cross Site Scripting (XSS), Access Bypass, and Cross Site Request Forgery (CSRF). XSS is mitigated by the fact that an attacker must have a role with the permission "administer...