32 matches found
EUVD-2014-9321
Malware in sbrugna...
EUVD-2014-9320
Malware in sbrugna...
EUVD-2014-9319
Malware in sbrugna...
Drupal Open Atrium Module OG Subgroups Module Access Bypass Vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Open Atrium module is a teamwork development module based on the Drupal platform.OG Subgroups module is one of the OG subgroups module. A security vulnerability exists in the OG...
Drupal Open Atrium module Discussions sub module security vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Open Atrium module is a collaborative team development module based on the Drupal platform.Discussions sub module is one of the sub-modules. A security vulnerability exists in the...
Drupal Open Atrium Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Open Atrium module is a collaborative team development module based on the Drupal platform. Multiple cross-site request forgery vulnerabilities exist in subcomponents of the Drupal Open...
CVE-2014-9504
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance...
Design/Logic Flaw
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks...
CVE-2014-9503
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks...
CVE-2014-9502
Multiple cross-site request forgery CSRF vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks...
Improper access control
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks...
CVE-2014-9504
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance...
CVE-2014-9502
CVE-2014-9502 covers multiple CSRF vulnerabilities in the Open Atrium module for Drupal 7.x-2.x (pre-7.x-2.26). Affected: Open Atrium 7.x-2.x before 7.x-2.26; vulnerability exists in unspecified submodules and relates to menu callbacks, allowing remote attackers to hijack other users’ sessions. E...
CVE-2014-9503
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks...
CVE-2014-9503
CVE-2014-9503 affects the Open Atrium 7.x-2.x Discussions sub module (pre-7.x-2.26). The vulnerability allows remote authenticated users with "access content" permissions to modify arbitrary nodes due to improper access checks on unspecified AJAX callbacks. Impact is limited to Drupal/Open Atrium...
CVE-2014-9504
CVE-2014-9504 affects Drupal Open Atrium’s OG Subgroups module. When used with Open Atrium 7.x-2.x prior to 7.x-2.26, it allows a remote attacker to access child groups via vectors related to membership inheritance. Documents confirm the vulnerable configuration and the affected version range; no...
Panopoly Core - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-093
This module provides common functionality used by other modules in the Panopoly distribution and child distributions, like, Open Atrium. The module doesn't sufficiently filter node titles used in breadcrumbs when the "Append Page Title to Site Breadcrumb" setting is enabled. This vulnerability is...
Open Atrium - Moderately critical - Information Disclosure - SA-CONTRIB-2017-041
Open Atrium is a distribution the enables collaboration sites to be built. It contains several custom modules to provide various functionality. While content is often protected behind private groups, public content can also be shared. When using Open Atrium as an internal Intranet, this "public"...
Drupal Open Atrium Notifications Information Disclosure Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A security vulnerability in Drupal Open Atrium Notifications allows remote attackers to submit special requests to obtain sensitive information...