12 matches found
EUVD-2011-0783
Malware in sbrugna...
EUVD-2012-2289
Malware in sbrugna...
CVE-2012-2296
The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...
Design/Logic Flaw
The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...
CVE-2012-2296
The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...
CVE-2012-2296
The CVE-2012-2296 issue affects the Janrain Engage (formerly RPX) Drupal module. It states that user profile data from Engage is stored in session tables (and also in the users table) for Drupal 6.x-1.x, 6.x-2.x prior to 6.x-2.2, and 7.x-2.x prior to 7.x-2.2, which could enable remote attackers t...
SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data Protection Vulnerability
CVE: CVE-2012-2296 Using Janrain Engage, Drupal sites can authenticate new and existing users with popular social networks, map user profile data from these websites to Drupal fields, and share Drupal content with a user's friends on their social networks. The module permanently retains the...
CVE-2011-0771
The Janrain Engage formerly RPX module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting XSS attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...
Cross site scripting
The Janrain Engage formerly RPX module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting XSS attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...
CVE-2011-0771
The Janrain Engage formerly RPX module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting XSS attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...
CVE-2011-0771
The CVE-2011-0771 entry concerns the Drupal module Janrain Engage (RPX) 6.x-1.3, which fails to validate the avatar/profile image file. This vulnerability allows remote authenticated users to perform cross-site scripting (XSS) and potentially execute arbitrary PHP code by triggering a crafted ava...
SA-CONTRIB-2011-003 - Janrain Engage (RPX) - Multiple Vulnerabilities
RPX recently renamed Janrain Engage is a service that acts as a middleman between a site and external login providers like Facebook, Yahoo, WindowsLive, etc. As part of this functionality it offers the ability to take a user's avatar on these services and download it for use as the user's profile...