EUVD-2013-6863

Malware in sbrugna...

CVE-2013-7067

The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request...

Cross site request forgery (csrf)

The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request...

CVE-2013-7067

Summary of CVE-2013-7067 (Drupal OG Features module): The vulnerability affects the Drupal OG Features module (version 6.x-1.x prior to 6.x-1.4). The module does not properly override pages when an access callback is explicitly set to FALSE, allowing remote attackers to bypass intended access res...

SA-CONTRIB-2013-097 - OG Features - Access bypass

This module enables you to enable and disable bundles of functionality for individual Organic groups. In order to provide this functionality, this module must override all menu callbacks available in the system, in order to delegate access based on the current Organic group you are contextually i...

SA-CONTRIB-2011-047 - OG Features access bypass

OG Features provides a mechanism for groups to enable or disable certain bundles of functionality, of features, within the groups they administer. The module is able to turn components on and off within given groups by overriding the access callbacks of every menu item, and checking conditions...