SA-CONTRIB-2012-101 - Protected Node - Access Bypass

The Protected Node module enables users to use a password to restrict access to an individual node or all nodes of a node type. The module doesn't sufficiently protect node access when nodes are accessed outside of the standard node view i.e. node/1 is protected but other lists are not. CVE:...

CVE-2011-4560

Cross-site scripting XSS vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition...

Cross site scripting

Cross-site scripting XSS vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition...

CVE-2011-4560

Cross-site scripting XSS vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition...

Cross site scripting

Cross-site scripting XSS vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node...

CVE-2009-4518

Cross-site scripting XSS vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node...

CVE-2009-4518

CVE-2009-4518 affects Drupal’s Insert Node module 5.x before 5.x-1.2. It enables remote attackers to inject arbitrary web script or HTML via an inserted node, resulting in a cross-site scripting (XSS) vulnerability. The affected component is the Insert Node module (5.x line); the root cause is im...

CVE-2009-0817

Cross-site scripting XSS vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is...

CVE-2009-0817

Cross-site scripting XSS vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is...

CVE-2009-0817

This CVE concerns the Drupal Protected Node module. Affected: Protected Node module versions 5.x before 5.x-1.4 and 6.x before 6.x-1.5. Root cause: improper handling in the protected_node_enterpassword function allows an authenticated user with the site-configuration permission to inject arbitrar...

CVE-2008-4793

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...

Input validation

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...

CVE-2008-4793

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...

CVE-2008-4793

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...

FreeBSD : drupal -- multiple vulnerabilities (12efc567-9879-11dd-a5e7-0030843d3802)

The Drupal Project reports : A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...

drupal -- multiple vulnerabilities

The Drupal Project reports: A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...