16 matches found
EUVD-2015-4410
Malware in sbrugna...
EUVD-2013-4173
Malware in sbrugna...
CVE-2012-1632
Cross-site scripting XSS vulnerability in passwordpolicy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter...
CVE-2015-4387
Cross-site scripting XSS vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...
Cross site scripting
Cross-site scripting XSS vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2015-4387
The CVE-2015-4387 vulnerability affects the Drupal Password Policy module (6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11). The root cause is inadequate sanitization in certain administration pages when a policy uses the username constraint, allowing a crafted username imported from an exter...
CVE-2013-4274
Cross-site scripting XSS vulnerability in the passwordpolicyadminview function in passwordpolicy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web...
CVE-2012-5552
The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."...
Drupal Password Policy模块跨站请求伪造和跨站脚本执行漏洞
BUGTRAQ ID: 51385 CVE ID: CVE-2012-1633 Drupal是一款开源CMS,可以作为各种网站的内容管理平台。 Drupal Password Policy模块6.x-1.x 存在跨站脚本漏洞。可允许远程攻击者劫持管理员用户接通用户请求的验证。 0 Drupal Password Policy 6.X-1.X 厂商补丁: Drupal ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://drupal.org/...
CVE-2012-1633
Cross-site request forgery CSRF vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user...
CVE-2012-1632
Cross-site scripting XSS vulnerability in passwordpolicy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter...
CVE-2012-1633
CVE-2012-1633 affects Drupal via the Password Policy module (6.x-1.x prior to 6.x-1.4 and 7.x-1.0 beta3). The vulnerability is a Cross-site Request Forgery (CSRF) that allows remote attackers to hijack the authentication of administrative users for requests that unblock a user. Impact is administ...
CVE-2012-1632
Cross-site scripting XSS vulnerability in passwordpolicy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter...
CVE-2012-1633
Cross-site request forgery CSRF vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user...
Mandriva Update for mandriva-doc MDVA-2010:151 (mandriva-doc)
Check for the Version of mandriva-doc OpenVAS Vulnerability Test Mandriva Update for mandriva-doc MDVA-2010:151 mandriva-doc Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Mandriva Update for mandriva-doc MDVA-2010:151 (mandriva-doc)
Check for the Version of mandriva-doc OpenVAS Vulnerability Test Mandriva Update for mandriva-doc MDVA-2010:151 mandriva-doc Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...