Lucene search
+L

32 matches found

OSV
OSV
added 2019/07/03 7:15 p.m.6 views

CVE-2018-14862

Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...

6.5CVSS5.9AI score0.00805EPSS
Exploits0References1
Prion
Prion
added 2019/07/03 7:15 p.m.15 views

Design/Logic Flaw

Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request...

5.5CVSS6.3AI score0.00805EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2018/05/25 2:57 p.m.27 views

[SECURITY] Fedora 26 Update: xdg-utils-1.1.3-1.fc26

The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: Third party software developers can rely on these xdg-utils for all of their simple...

8.8CVSS1.3AI score0.02493EPSS
Exploits0
OSV
OSV
added 2018/04/18 3:45 p.m.5 views

DRUPAL-CONTRIB-2018-018

This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability...

6.8AI score
Exploits0References1
OSV
OSV
added 2017/03/07 4:59 p.m.7 views

CVE-2017-6509

Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php id parameter...

6.1CVSS5.8AI score0.00652EPSS
Exploits1References1
OPENSUSE Linux
OPENSUSE Linux
added 2017/02/19 6:8 p.m.97 views

Security update for java-1_7_0-openjdk (important)

This update for java-170-openjdk fixes the following issues: - Oracle Critical Patch Update of January 2017 to OpenJDK 7u131 bsc1020905: Security Fixes - S8138725: Add options for Javadoc generation - S8140353: Improve signature checking - S8151934, CVE-2017-3231: Resolve class resolution -...

6.8CVSS6.9AI score0.95707EPSS
Exploits13References1
Prion
Prion
added 2016/08/05 1:59 a.m.37 views

Design/Logic Flaw

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service heap memory corruption and application crash by leveraging keyboard access to use the Alt...

7.5CVSS8.1AI score0.02953EPSS
Exploits0References11Affected Software3
Fedora
Fedora
added 2015/01/26 2:33 a.m.10 views

[SECURITY] Fedora 21 Update: xdg-utils-1.1.0-0.35.rc3.fc21

The xdg-utils package is a set of simple scripts that provide basic desktop integration functions for any Free Desktop, such as Linux. They are intended to provide a set of defacto standards. This means that: Third party software developers can rely on these xdg-utils for all of their simple...

1.3AI score
Exploits0
Cvelist
Cvelist
added 2013/03/27 9:0 p.m.21 views

CVE-2013-0324

Cross-site scripting XSS vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title...

5.3AI score0.00941EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/07/30 5:0 p.m.32 views

CVE-2007-4063

Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to 1 delete comments, 2 delete content revisions, and 3 disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

6.8AI score0.01271EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2007/07/26 12:0 a.m.23 views

drupal -- Cross site request forgeries

The Drupal Project reports: Several parts in Drupal core are not protected against cross site request forgeries due to inproper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a...

3.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2006/10/14 12:0 a.m.21 views

Debian DSA-1007-1 : drupal - several vulnerabilities

The Drupal Security Team discovered several vulnerabilities in Drupal, a fully-featured content management and discussion engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1225 Due to missing input sanitising a remote attacker could inject...

5.1CVSS5.7AI score0.01965EPSS
Exploits0References9
Rows per page
Query Builder