31 matches found
EUVD-2007-3802
Malware in sbrugna...
EUVD-2014-9183
Malware in sbrugna...
EUVD-2014-9186
Malware in sbrugna...
EUVD-2007-3801
Malware in sbrugna...
EUVD-2009-2287
Malware in sbrugna...
CVE-2014-9364
Cross-site scripting XSS vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-9361
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found 404 page...
CVE-2009-2291
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors...
CVE-2014-9364
Cross-site scripting XSS vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Code injection
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found 404 page...
CVE-2014-9361
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found 404 page...
CVE-2014-9361
The vulnerability CVE-2014-9361 affects the Drupal LoginToboggan module for Drupal 7.x: versions prior to 7.x-1.4 allow remote attackers who have the pre-authorized role to bypass permissions by not properly unsetting the authorized user role on certain pages, potentially gaining privileges and a...
CVE-2014-9364
CVE-2014-9364 corresponds to a Cross-Site Scripting (XSS) vulnerability in the Unified Login form of the Drupal LoginToboggan module (7.x-1.x) older than 7.x-1.4. The issue allows remote attackers to inject arbitrary web script/HTML via unspecified vectors. The Drupal advisory SA-CONTRIB-2014-069...
CVE-2014-9361
The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found 404 page...
SA-CONTRIB-2014-069 - Logintoboggan - Access Bypass and Cross Site Scripting (XSS)
This module enables you to customise the standard Drupal registration and login processes. Cross Site Scripting The module doesn't filter user-supplied information from the URL resulting in a reflected Cross Site Scripting XSS vulnerability. Access Bypass The module introduces a concept of a...
SA-CONTRIB-2010-042: LoginToboggan - Session fixation
The LoginToboggan module provides a customized log in workflow. Attackers may be able to exploit the workflow to initiate a session fixation attack. Versions affected LoginToboggan versions for the 5.x and 6.x versions of Drupal Drupal core is not affected. If you do not use the contributed...
CVE-2009-2291
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors...
Design/Logic Flaw
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors...
CVE-2009-2291
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors...