23 matches found
EUVD-2015-1751
Malware in sbrugna...
EUVD-2016-4229
Malware in sbrugna...
CVE-2015-1621
Cross-site scripting XSS vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-3188
The prepopulaterequestwalk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the 1 actions, 2 container, 3 token, 4 password, 5 passwordconfirm, 6 textformat, or 7 markup field type, and consequently have unspecified impact, via unspecified...
CVE-2016-3188
The prepopulaterequestwalk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the 1 actions, 2 container, 3 token, 4 password, 5 passwordconfirm, 6 textformat, or 7 markup field type, and consequently have unspecified impact, via unspecified...
CVE-2016-3187
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
CVE-2016-3187
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
Code injection
The prepopulaterequestwalk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the 1 actions, 2 container, 3 token, 4 password, 5 passwordconfirm, 6 textformat, or 7 markup field type, and consequently have unspecified impact, via unspecified...
Cross site request forgery (csrf)
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
CVE-2016-3188
The prepopulaterequestwalk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the 1 actions, 2 container, 3 token, 4 password, 5 passwordconfirm, 6 textformat, or 7 markup field type, and consequently have unspecified impact, via unspecified...
CVE-2016-3187
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
CVE-2016-3187
The CVE-2016-3187 issue affects the Drupal Prepopulate module (7.x-2.x) prior to 7.x-2.1. An attacker can modify the REQUEST superglobal via a base64-encoded pp parameter, with unspecified impact. The vulnerability is addressed by upgrading to Prepopulate 7.x-2.1 (DRUPAL-SA-CONTRIB-2016-009). Exp...
CVE-2016-3188
The CVE-2016-3188 entry concerns Drupal’s Prepopulate module (7.x-2.x before 7.x-2.1). The flaw arises from the module failing to restrict users from overwriting arbitrary parts of $_REQUEST, enabling manipulation of fields such as actions, container, token, password, password_confirm, text_forma...
Drupal Prepopulate module security bypass vulnerability (CNVD-2016-01737)
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. prepopulate is one of the prepopulated field modules. A security vulnerability exists in Drupal Prepopulate due to the program's failure to restrict users from overriding any portion o...
Drupal Prepopulate Module Security Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. prepopulate is one of the prepopulated field modules. Drupal Prepopulate has a security vulnerability due to a failure to restrict users from overriding any portion of $REQUEST and...
Prepopulate - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-009
The Prepopulate module allows form fields to be pre-populated in the request. The Prepopulate module does not adequately prevent a user from overwriting arbitrary parts of $REQUEST. It also does not prevent pre-populating certain fields that are not displayed or manipulating markup fields to alte...
Drupal Webform prepopulate block module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Webform prepopulate block is one of the prepopulated modules. A cross-site scripting vulnerability exists in the Drupal Webform prepopulate block module version 7.x-3.0 and earlier. A...
CVE-2015-1621
Cross-site scripting XSS vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-1621
The CVE-2015-1621 is a Drupal Webform prepopulate block vulnerability. Affected component: Webform prepopulate block module for Drupal 7.x (before 7.x-3.1). Issue: cross-site scripting (XSS) where user-supplied text is not sufficiently sanitized when displaying the block, allowing remote authenti...