8 matches found
Drupal Block Class module 4.0.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) vulnerability discovered by Ivo Van Geertruyen (mr.baileys) in WordPress Module Block Class versions 4.0.0...
Drupal Matomo Analytics module < 1.24.0 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) vulnerability discovered by Ivo Van Geertruyen in WordPress Module Matomo Analytics versions 1.24.0...
Require Login - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2016-045
This module enables you to restrict site access without using user roles or permissions. The module does not sufficiently escape some of its settings, and, in some cases, allows malicious users to bypass the protection offered by Require Login. CVE identifiers issued: A CVE identifier will be...
SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass
This module will allow you to add Time-based One-time Password Algorithm (also called "Two Step Authentication" or "Multi-Factor Authentication") support to user logins. It works with Google's Authenticator app system and supports most, if not all, OATH-based HOTP/TOTP systems. Accidental removal of...
SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Access bypass: User module search - Drupal 6 and 7. A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. This...
SA-CONTRIB-2012-138 - Exposed Filter Data - Cross Site Scripting (XSS)
The Exposed Filter Data module facilitates displaying data posted to Views via an exposed filter. The module does not properly sanitize user-supplied data prior to output, leading to a Cross-Site Scripting (XSS) vulnerability. CVE: Requested. Versions affected: Exposed Filter Data 6.x-1.x versions prior to...
SA-CONTRIB-2012-052 - Node Limit Number - Cross Site Request Forgery (CSRF)
CVE: CVE-2012-2080. The Node Limit Number module enables an administrator to place limits on how many nodes may be created by each user. Node Limit Number does not protect the delete URL against Cross Site Request Forgery attacks, allowing a malicious user to trick someone with "administer node...
SA-CONTRIB-2012-025 - Cool aid; Editable help messages - Multiple vulnerabilities
Cool aid is a Drupal module that allows users to add custom help messages to Drupal pages. The module did not properly clean user input before displaying it, and did not properly check for access permissions, allowing users with "administer coolaid" to inject scripts anywhere on a site. The XSS...