19 matches found
EUVD-2009-3887
Malware in sbrugna...
EUVD-2008-2764
Malware in sbrugna...
EUVD-2012-2708
Malware in sbrugna...
CVE-2012-2728
Multiple cross-site request forgery CSRF vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an 1 up or 2 down action...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an 1 up or 2 down action...
CVE-2012-2728
CVE-2012-2728 affects the Drupal Node Hierarchy module (6.x-1.x) prior to 6.x-1.5. The vulnerability allows CSRF that can hijack an administrator’s session to reorder node hierarchy via up/down actions. Impact is admin-authentication compromise leading to unintended hierarchy changes. Remediation...
CVE-2012-2728
Multiple cross-site request forgery CSRF vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an 1 up or 2 down action...
SA-CONTRIB-2012-099 - Node Hierarchy - Cross Site Request Forgery (CSRF)
Node Hierarchy module allows for the creation of parent child relationships among nodes that can create a tree-like hierarchy of content. The module doesn't sufficiently confirm user intent when reordering children nodes allowing a malicious user to trick a site admin to changing the desired...
Cross site scripting
Cross-site scripting XSS vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title...
CVE-2009-3916
Cross-site scripting XSS vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title...
CVE-2009-3916
Cross-site scripting XSS vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title...
CVE-2009-3916
CVE-2009-3916 concerns the Drupal Node Hierarchy module. The vulnerability allows remote attackers to inject arbitrary web script or HTML via a child node title, affecting module releases prior to 5.x-1.3 and 6.x-1.3. The issue arises from an XSS flaw in the processing of node titles, enabling at...
SA-CONTRIB-2009-091 - Node Hierarchy - Cross Site Scripting
The Node Hierarchy module enables a site administrator to arrange their site into a tree-like structure. When displaying the list of children for a node the module does not properly sanitize the titles of the child nodes before outputting them, leading to a cross-site scripting XSS vulnerability...
Improper access control
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors...
CVE-2008-2771
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors...
CVE-2008-2771
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors...
CVE-2008-2771
The CVE-2008-2771 issue affects the Drupal Node Hierarchy module (5.x up to 5.x-1.1 and 6.x up to 6.x-1.0). The root cause is that access checks are not properly enforced, allowing remote attackers with the “access content” permission to bypass restrictions and modify the node hierarchy through u...
CVE-2008-2771
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors...
SA-2008-034 - Node Hierarchy - Access bypass
The contributed module Node Hierarchy allows nodes to be children of other nodes creating a tree-like hierarchy of content. Due to incorrectly implemented access checks, any user with the "access content" permission is able to rearrange the hierarchy. No private data is exposed, and no content ca...