14 matches found
EUVD-2012-1645
Malware in sbrugna...
EUVD-2013-4453
Malware in sbrugna...
CVE-2013-4597
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
Information disclosure
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2013-4597
The Drupal Revisioning module (7.x-1.x) is affected by CVE-2013-4597: versions prior to 7.x-1.6 do not properly enforce node access when content is unpublished by the Scheduler module, allowing remote authenticated users to reveal sensitive information via unspecified vectors. The vulnerability s...
CVE-2013-4597
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2012-1635
The hooknodeaccess function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML...
Design/Logic Flaw
The hooknodeaccess function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML...
CVE-2012-1635
The hooknodeaccess function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML...
CVE-2012-1060
Multiple cross-site scripting XSS vulnerabilities in revisioningtheme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the 1 tags or 2 ter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in revisioningtheme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the 1 tags or 2 ter...
CVE-2012-1060
Multiple cross-site scripting XSS vulnerabilities in revisioningtheme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the 1 tags or 2 ter...
SA-CONTRIB-2012-018 - Revisioning - Cross Site Scripting
CVE: CVE-2012-1060 The Drupal Revisioning module https://drupal.org/project/revisioning "is a module for the configuration of workflows to create, moderate and publish content revisions." The Revisioning module contains a persistent cross site scripting XSS vulnerability due to the fact that it...
SA-CONTRIB-2012-009 - Revisioning - Access bypass
CVE: CVE-2012-1635 This module enables you to create moderation publication workflows, allowing authors to create content that isn't visible to the public until it has been approved by a moderator/publisher. The module's implementation of hooknodeaccess assumes that access is to granted/denied...