WordPress CM Registration – Tailored tool for seamless login and invitation-based registrations plugin <= 2.5.6 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin CM Registration and Invitation Codes versions = 2.5.6...

EUVD-2015-4384

Malware in sbrugna...

EUVD-2015-4382

Malware in sbrugna...

CVE-2012-1623

The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions...

PT-2025-15944

Name of the Vulnerable Software and Affected Versions: CreativeMindsSolutions CM Registration and Invitation Codes versions 2.5.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels...

SUSE CVE-2016-2379

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to 1 decrypt hashed passwords by leveraging knowledge of client registration codes or 2 gain login access by eavesdropping on login messages and re-using the hashed passwords...

openSUSE: Security Advisory for zypper, libzypp and libsolv (openSUSE-SU-2019:1927-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for zypper, libzypp and libsolv (moderate)

openSUSE Security Update: Security update for zypper, libzypp and libsolv Announcement ID: openSUSE-SU-2019:1927-1 Rating: moderate References: 1047962 1049826 1053177 1065022 1099019 1102261 1110542 1111319 1112911 1113296 1114908 1115341 1116840 1118758 1119373 1119820 1119873 1120263 1120463...

UBUNTU-CVE-2016-2379

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to 1 decrypt hashed passwords by leveraging knowledge of client registration codes or 2 gain login access by eavesdropping on login messages and re-using the hashed passwords...

Drupal Registration Codes Module Security Bypass Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Registration codes is one of the modules that provides users with a valid registration code when they register a new account on the site. A security bypass vulnerability exists in the...

Registration Codes - Less Critical - Input Validation Vulnerability - SA-CONTRIB-028

This module enables you to allow users to enter a special registration code in order to sign up for the site. The module doesn't sufficiently validate the entered registration code CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with Drupal Securit...

CVE-2015-4361

Cross-site request forgery CSRF vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors...

CVE-2015-4360

CVE-2015-4360 is a CSRF vulnerability in the Drupal contributed module Registration codes affecting 6.x-1.x before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2. The underlying issue allows remote attackers to hijack administrator authentication for requests that delete role-rules (...

CVE-2015-4360

Cross-site request forgery CSRF vulnerability in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete role-rules via unspecified vectors...

CVE-2015-4359

Multiple cross-site scripting XSS vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with permission to create or edit taxonomy terms or nodes to inject arbitrary web script or HTML via...

CVE-2015-4361

Cross-site request forgery CSRF vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors...

CVE-2015-4359

The vulnerability CVE-2015-4359 affects the Drupal Registration codes module. Affected are 6.x-1.x prior to 6.x-1.6, 6.x-2.x prior to 6.x-2.8, and 7.x-1.x prior to 7.x-1.2. The issue is cross-site scripting (XSS) where remote authenticated users with permission to create or edit taxonomy terms or...