13 matches found
EUVD-2012-4429
Malware in sbrugna...
CVE-2012-4483
The commonsdiscussionviewsdefaultviews function in modules/features/commonsdiscussion/commonsdiscussion.viewsdefault.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensiti...
DRUPAL-CONTRIB-2024-030
This module integrates the mmenu library with Drupal's menu system with the aim of having an off-canvas mobile menu and a horizontal menu at wider widths. The module doesn't respect custom node access restrictions implemented through hook_ENTITY_TYPE_access hooks, meaning the titles of restricted...
GHSA-96VX-QF28-6F8M Drupal Access Control Bypass
Drupal 7.x before 7.3 allows remote attackers to bypass intended nodeaccess restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table...
Language fallback can be incorrect on multilingual sites with node access restrictions.
More info at https://www.drupal.org/SA-CORE-2018-001...
CVE-2012-4483
The commonsdiscussionviewsdefaultviews function in modules/features/commonsdiscussion/commonsdiscussion.viewsdefault.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensiti...
Design/Logic Flaw
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact...
CVE-2012-4500
The CVE-2012-4500 entry concerns Drupal’s Announcements module (6.x-1.x) prior to version 6.x-1.5. The vulnerability allows remote authenticated users who have the 'access announcements' permission to bypass node access restrictions, potentially leading to additional unspecified impact. Patch/fix...
SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass
Drupal Commons is a ready-to-use solution for building either internal or external communities. The Drupal Commons feature (a central module in the distribution) includes a listing of recent comments on discussions. This listing of comments is powered by a view that doesn't fully enforce node acces...
CVE-2011-2687
Drupal 7.x before 7.3 allows remote attackers to bypass intended nodeaccess restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table...
CVE-2010-0752
The weekpostpage function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors...
CVE-2010-0752
The weekpostpage function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors...
SA-CONTRIB-2009-044 - Bubbletimer - Multiple vulnerabilities
Bubbletimer allows users to create timesheets based on nodes. It suffers from a cross-site scripting (XSS) vulnerability due to not properly sanitizing node titles before they are displayed. It is also vulnerable to cross-site request forgeries (CSRF), making it possible for users to unknowingly add...