42 matches found
DSA-3291-1 drupal7 - security update
Bulletin has no description...
Mandriva Linux Security Advisory : drupal (MDVSA-2014:031)
Multiple security issues was identified and fixed in drupal : The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors CVE-2014-1475. The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earli...
Debian Security Advisory DSA 2851-1 (drupal6 - impersonation)
Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts. These fixes require...
DSA-2851-1 drupal6 - impersonation
Bulletin has no description...
MGASA-2014-0031 Updated drupal package fixes security vulnerabilities
Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts CVE-2014-1475. Matt Vance and Damien Tournoud reported an access bypass vulnerability in the...
Debian DSA-2847-1 : drupal7 - several vulnerabilities
Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2014-1475 Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that...
[SECURITY] [DSA 2847-1] drupal7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2847-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 20, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2847-1 (drupal7 - several vulnerabilities)
Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-1475 Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows...
SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Impersonation OpenID module - Drupal 6 and 7 - Highly critical A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack...
CVE-2012-4554
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file...
Design/Logic Flaw
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file...
FreeBSD : drupal7 -- multiple vulnerabilities (2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5)
Drupal Security Team reports : - Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...
Drupal 7.x < 7.16 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 7.x prior to 7.16. It is, therefore, potentially affected by multiple vulnerabilities : - An arbitrary PHP code execution vulnerability exists due to an error in the 'installer.php' script. An attacker, under certain conditions, could u...
SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure
Multiple vulnerabilities were discovered in Drupal core. Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PH...
drupal7 -- multiple vulnerabilities
Drupal Security Team reports: Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...
Debian: Security Advisory (DSA-2113-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2010-3685
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.responsenonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...
CVE-2010-3685
Summary of CVE-2010-3685 : The OpenID module in Drupal 6.x before 6.18 and the OpenID module 5.x before 5.x-1.4 fail to validate reuse of openid.response_nonce values, enabling remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. This is a protocol-level f...
CVE-2010-3686
The CVE-2010-3686 issue affects Drupal 6.x OpenID module before 6.18 and OpenID module 5.x before 5.x-1.4, where OpenID fields aren’t consistently signed, allowing remote attackers to bypass authentication via an OpenID provider assertion. Fixes are available: upgrade Drupal/OpenID to 6.18+ (and ...
Debian DSA-2113-1 : drupal6 - several vulnerabilities
Several vulnerabilities have been discovered in Drupal 6 a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-3091 Several issues have been discovered in the OpenID module that allows malicious access to use...