4 matches found
SA-CONTRIB-2015-037 - Path Breadcrumbs - Access Bypass
This module enables you to configure breadcrumbs for any Drupal page. The module doesn't check node access on 403 Not Found pages. As a result, unpublished content data can be shown to unprivileged user. This vulnerability is mitigated by the fact that it is possible to configure proper access...
SA-CONTRIB-2012-100 - SimpleMeta - Cross Site Request Forgery (CSRF)
The Simple Meta module provides a method to set meta tags, such as page title, description and keywords for nodes, views and other pages. The module doesn't sufficiently confirm user intent when adding and deleting meta tag entries allowing a malicious user to trick a site admin into deleting...
SA-CONTRIB-2012-103 - Global Redirect - Open Redirect
This module improves SEO and usability of a site by redirecting visitors to user-friendly and search-engine-friendly URLs. The module does not sufficiently validate that a destination URL is internal to the site, allowing an attacker to disguise a malicious destination address as a query paramete...
SA-CONTRIB-2010-104 - Relevant Content - Information Disclosure
The Relevant Content module provides a block and CCK field which contain links to other nodes on the site which are considered "relevant" to the current nodes based on number of shared taxonomy terms. The Relevant Content module does not implement node access logic properly, resulting in the...