Lucene search
+L

42 matches found

osv
osv
added 2015/06/18 12:0 a.m.28 views

DSA-3291-1 drupal7 - security update

Bulletin has no description...

5.8CVSS6.1AI score0.02763EPSS
Exploits0
nessus
nessus
added 2014/02/16 12:0 a.m.26 views

Mandriva Linux Security Advisory : drupal (MDVSA-2014:031)

Multiple security issues was identified and fixed in drupal : The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors CVE-2014-1475. The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earli...

7.5CVSS5.4AI score0.01526EPSS
Exploits0References3
openvas
openvas
added 2014/02/02 12:0 a.m.33 views

Debian Security Advisory DSA 2851-1 (drupal6 - impersonation)

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts. These fixes require...

7.5CVSS0.1AI score0.01526EPSS
Exploits0References1
osv
osv
added 2014/02/02 12:0 a.m.17 views

DSA-2851-1 drupal6 - impersonation

Bulletin has no description...

7.5CVSS6.3AI score0.01526EPSS
Exploits0
osv
osv
added 2014/01/31 4:43 p.m.11 views

MGASA-2014-0031 Updated drupal package fixes security vulnerabilities

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts CVE-2014-1475. Matt Vance and Damien Tournoud reported an access bypass vulnerability in the...

7.5CVSS6.1AI score0.01526EPSS
Exploits0References4
nessus
nessus
added 2014/01/21 12:0 a.m.33 views

Debian DSA-2847-1 : drupal7 - several vulnerabilities

Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2014-1475 Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that...

7.5CVSS5.5AI score0.01526EPSS
Exploits0References7
debian
debian
added 2014/01/20 10:40 p.m.60 views

[SECURITY] [DSA 2847-1] drupal7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2847-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 20, 2014 http://www.debian.org/security/faq -...

7.5CVSS6.2AI score0.01526EPSS
Exploits0
openvas
openvas
added 2014/01/20 12:0 a.m.26 views

Debian Security Advisory DSA 2847-1 (drupal7 - several vulnerabilities)

Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-1475 Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows...

7.5CVSS6.6AI score0.01526EPSS
Exploits0References1
drupal
drupal
added 2014/01/15 12:0 a.m.668 views

SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Impersonation OpenID module - Drupal 6 and 7 - Highly critical A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack...

7.5CVSS6.4AI score0.01526EPSS
Exploits0References19
nvd
nvd
added 2012/11/11 1:0 p.m.26 views

CVE-2012-4554

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file...

5CVSS6.4AI score0.15812EPSS
Exploits4References4
prion
prion
added 2012/11/11 1:0 p.m.19 views

Design/Logic Flaw

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file...

5CVSS6.9AI score0.15812EPSS
Exploits4References4Affected Software1
nessus
nessus
added 2012/10/31 12:0 a.m.11 views

FreeBSD : drupal7 -- multiple vulnerabilities (2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5)

Drupal Security Team reports : - Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...

5.7AI score
Exploits0References2
nessus
nessus
added 2012/10/24 12:0 a.m.59 views

Drupal 7.x < 7.16 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 7.x prior to 7.16. It is, therefore, potentially affected by multiple vulnerabilities : - An arbitrary PHP code execution vulnerability exists due to an error in the 'installer.php' script. An attacker, under certain conditions, could u...

6.8CVSS6.6AI score0.15812EPSS
Exploits4References3
drupal
drupal
added 2012/10/17 12:0 a.m.667 views

SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

Multiple vulnerabilities were discovered in Drupal core. Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PH...

6.8CVSS7AI score0.15812EPSS
Exploits4References18
freebsd
freebsd
added 2012/10/17 12:0 a.m.15 views

drupal7 -- multiple vulnerabilities

Drupal Security Team reports: Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...

3.5AI score
Exploits0References1
openvas
openvas
added 2010/10/10 12:0 a.m.28 views

Debian: Security Advisory (DSA-2113-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.5AI score0.02372EPSS
Exploits0References3
cvelist
cvelist
added 2010/09/29 4:0 p.m.24 views

CVE-2010-3685

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.responsenonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...

6.7AI score0.02372EPSS
Exploits0References6
cve
cve
added 2010/09/29 4:0 p.m.62 views

CVE-2010-3685

Summary of CVE-2010-3685 : The OpenID module in Drupal 6.x before 6.18 and the OpenID module 5.x before 5.x-1.4 fail to validate reuse of openid.response_nonce values, enabling remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. This is a protocol-level f...

5CVSS7AI score0.02372EPSS
Exploits0References6Affected Software1
cve
cve
added 2010/09/29 4:0 p.m.72 views

CVE-2010-3686

The CVE-2010-3686 issue affects Drupal 6.x OpenID module before 6.18 and OpenID module 5.x before 5.x-1.4, where OpenID fields aren’t consistently signed, allowing remote attackers to bypass authentication via an OpenID provider assertion. Fixes are available: upgrade Drupal/OpenID to 6.18+ (and ...

5CVSS7AI score0.02372EPSS
Exploits0References6Affected Software1
nessus
nessus
added 2010/09/21 12:0 a.m.26 views

Debian DSA-2113-1 : drupal6 - several vulnerabilities

Several vulnerabilities have been discovered in Drupal 6 a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-3091 Several issues have been discovered in the OpenID module that allows malicious access to use...

5.5CVSS5.1AI score0.02372EPSS
Exploits0References12
Rows per page
Query Builder