42 matches found
EUVD-2015-3290
Malware in sbrugna...
EUVD-2010-3670
Malware in sbrugna...
EUVD-2008-6795
Malware in sbrugna...
EUVD-2010-3669
Malware in sbrugna...
EUVD-2010-3092
Malware in sbrugna...
CVE-2010-3685
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.responsenonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...
CVE-2010-3091
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.returnto value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...
CVE-2012-4554
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file...
CVE-2010-3686
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...
CVE-2008-6835
Cross-site scripting XSS vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SUSE CVE-2015-3234
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers...
Mageia: Security Advisory (MGASA-2015-0253)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2015-0253 Updated drupal package fixes security vulnerability
Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users CVE-2015-3231. A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites CVE-2015-3232. Due to insufficient URL validation, the Overlay module could be...
Updated drupal package fixes security vulnerability
Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users CVE-2015-3231. A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites CVE-2015-3232. Due to insufficient URL validation, the Overlay module could be...
Drupal OpenID Module Session Hijacking Vulnerability
Drupal is an open source content management framework CMF written in the PHP language, which consists of a content management system CMS and PHP development framework Framework together. A session hijacking vulnerability exists in the OpenID module in Drupal versions 6.x before 6.36 and 7.x befor...
UBUNTU-CVE-2015-3234
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers...
Debian DSA-3291-1 : drupal7 - security update
Several vulnerabilities were found in drupal7, a content management platform used to power websites. - CVE-2015-3231 Incorrect cache handling made private content viewed by 'user 1' exposed to other, non-privileged users. - CVE-2015-3232 A flaw in the Field UI module made it possible for attacker...
[SECURITY] [DSA 3291-1] drupal7 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3291-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3291-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3291-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 18, 2015 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3291-1 (drupal7 - security update)
Several vulnerabilities were found in drupal7, a content management platform used to power websites. CVE-2015-3231Incorrect cache handling made private content viewed by user 1 exposed to other, non-privileged users. CVE-2015-3232 A flaw in the Field UI module made it possible for attackers to...