4 matches found
RestWS - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-024
RestWS makes Drupal Entity data available in a REST API. The module doesn’t sufficiently check for access to properties when filtering queries. This vulnerability is mitigated by the fact that an attacker must have a role that allows them to access an entity type with access-controlled properties...
SA-CONTRIB-2012-026 - ZipCart - Access bypass
CVE: CVE-2012-1650. ZipCart enables a site to provide users with Zip archives for downloads selected by the user. Versions of ZipCart prior to 6.x-1.4 check an incorrect permission when building archives. This vulnerability is mitigated by the fact that archive file addition is only permitted if...
SA-CONTRIB-2009-010 Plus 1 - Cross-site request forgery
The Plus 1 module provides a voting widget for content that records votes using Ajax. The URL for voting is vulnerable to cross-site request forgeries (CSRF), making it possible for users to unknowingly vote for content. Versions affected: versions of Plus 1 prior to 6.x-2.6. Drupal core is not...
SA-2008-045 - OpenID - Multiple vulnerabilities
The OpenID module for Drupal 5.x allows users to create an account or log into a Drupal site using one or more OpenID identities. Find out more about OpenID at http://openid.net. Two vulnerabilities and weaknesses were discovered in the contributed OpenID module. Cross site scripting: Some...