13 matches found
EUVD-2016-4229
Malware in sbrugna...
CVE-2016-3188
The prepopulaterequestwalk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the 1 actions, 2 container, 3 token, 4 password, 5 passwordconfirm, 6 textformat, or 7 markup field type, and consequently have unspecified impact, via unspecified...
CVE-2016-3188
The prepopulaterequestwalk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the 1 actions, 2 container, 3 token, 4 password, 5 passwordconfirm, 6 textformat, or 7 markup field type, and consequently have unspecified impact, via unspecified...
CVE-2016-3187
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
CVE-2016-3187
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
Code injection
The prepopulaterequestwalk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the 1 actions, 2 container, 3 token, 4 password, 5 passwordconfirm, 6 textformat, or 7 markup field type, and consequently have unspecified impact, via unspecified...
CVE-2016-3188
The prepopulaterequestwalk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the 1 actions, 2 container, 3 token, 4 password, 5 passwordconfirm, 6 textformat, or 7 markup field type, and consequently have unspecified impact, via unspecified...
CVE-2016-3187
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter...
CVE-2016-3188
The CVE-2016-3188 entry concerns Drupal’s Prepopulate module (7.x-2.x before 7.x-2.1). The flaw arises from the module failing to restrict users from overwriting arbitrary parts of $_REQUEST, enabling manipulation of fields such as actions, container, token, password, password_confirm, text_forma...
CVE-2016-3187
The CVE-2016-3187 issue affects the Drupal Prepopulate module (7.x-2.x) prior to 7.x-2.1. An attacker can modify the REQUEST superglobal via a base64-encoded pp parameter, with unspecified impact. The vulnerability is addressed by upgrading to Prepopulate 7.x-2.1 (DRUPAL-SA-CONTRIB-2016-009). Exp...
Drupal Prepopulate Module Security Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. prepopulate is one of the prepopulated field modules. Drupal Prepopulate has a security vulnerability due to a failure to restrict users from overriding any portion of $REQUEST and...
Prepopulate - Moderately Critical - Multiple Vulnerabilities - SA-CONTRIB-2016-009
The Prepopulate module allows form fields to be pre-populated in the request. The Prepopulate module does not adequately prevent a user from overwriting arbitrary parts of $REQUEST. It also does not prevent pre-populating certain fields that are not displayed or manipulating markup fields to alte...
SA-CONTRIB-2010-086 - Prepopulate - Access Bypass
The Prepopulate module provides the ability for form fields to be pre-populated via the request sent for the form. The module is vulnerable to access bypass which would allow a malicious user to change the value of fields they would not otherwise have access to alter. Versions affected Prepopulat...