25 matches found
EUVD-2013-4098
Malware in sbrugna...
EUVD-2013-5155
Malware in sbrugna...
EUVD-2015-7234
Malware in sbrugna...
Malicious code in test-mlw2-piper-scald (npm)
The package test-mlw2-piper-scald was found to contain malicious code...
MAL-2025-35985 Malicious code in test-mlw2-piper-scald (npm)
The package test-mlw2-piper-scald was found to contain malicious code...
MAL-2025-35393 Malicious code in test-mlw2-gauds-scald (npm)
The package test-mlw2-gauds-scald was found to contain malicious code...
Malicious code in test-mlw2-gauds-scald (npm)
The package test-mlw2-gauds-scald was found to contain malicious code...
CVE-2015-7305
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."...
Drupal Scald File Module Remote Code Execution Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Scald File is one of the modules used to handle multimedia. A remote code execution vulnerability exists in the Drupal Scald File module, version 7.x-1.x prior to 7.x-1.2. An attacker...
Scald File - Critical - Remote Code Execution - SA-CONTRIB-2016-015
When a PDF is uploaded in Scald File, various tools can be executed if they're installed on the server, to try to generate a thumbnail out of that PDF. This is mitigated by the need to have the sufficient permissions to upload a file in Scald, and also to have at least one of the thumbnail creati...
Drupal Scald Module Information Disclosure Vulnerability
Drupal is a free and open source content management system developed in PHP.Scald module for Drupal is a multimedia management module for Drupal. An information disclosure vulnerability exists in the Drupal Scald module version 7.x-1.5 and prior to version 7.x-1.x, which allows a remote attacker ...
CVE-2015-7305
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."...
Information disclosure
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."...
CVE-2015-7305
The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context."...
CVE-2015-7305
The vulnerability CVE-2015-7305 affects the Drupal Scald module (Scald 7.x-1.x) prior to 7.x-1.5, where a misconfiguration allows remote attackers to obtain sensitive atom property information via a debug context, bypassing field restrictions. Affected software is the Scald: Media Management made...
Scald - Moderately Critical - Information Disclosure - SA-CONTRIB-2015-151
This module enables you to easily manage your media assets and re-use them in all your content. The module provided a "debug" context that gave access to all the atom properties, including all the fields attached to this atom, without applying the corresponding field restrictions. This...
CVE-2013-5315
Cross-site scripting XSS vulnerability in the Resource Manager in the MEE submodule mee.module in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than...
CVE-2013-4174
Multiple cross-site scripting XSS vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the 1 flashuri, 2 flashwidth, or 3 flashheight in the scaldflashscaldprerender function in...
Cross site scripting
Cross-site scripting XSS vulnerability in the Resource Manager in the MEE submodule mee.module in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the 1 flashuri, 2 flashwidth, or 3 flashheight in the scaldflashscaldprerender function in...