20 matches found
EUVD-2022-2984
Malicious code in bioql PyPI...
SUSE CVE-2017-6931
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. Th...
GHSA-7FFH-CJVG-FPR4 Drupal Settings Tray access bypass
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. Th...
Drupal Settings Tray access bypass
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. Th...
Drupal 7.x < 7.57 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists with the Comment Reply Form. An authenticated remote attacker could add or view comments that they do not have access to. CVE-2017-6926 - A flaw exists with the...
Drupal 8.x < 8.4.5 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists with the Comment Reply Form. An authenticated remote attacker could add or view comments that they do not have access to. CVE-2017-6926 - A flaw exists with the...
Drupal 8.5.x < 8.5.0-rc1 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists with the Comment Reply Form. An authenticated remote attacker could add or view comments that they do not have access to. CVE-2017-6926 - A flaw exists with the...
Access Restriction Bypass
drupal is vulnerable to access restriction bypass. The bypass is possible because Settings Tray module lack a correct check for permission to update certain data...
CVE-2017-6931
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. Th...
Heap overflow
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. Th...
CVE-2017-6931
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. Th...
CVE-2017-6931
In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks should be added. Th...
CVE-2017-6931
The CVE concerns Drupal 8.4.x prior to 8.4.5 where the Settings Tray form (in Settings Tray module, contributed or custom) bypasses proper access checks, allowing users to update data they should not modify. The root cause is missing access checks in certain Settings Tray implementations; the Dru...
Drupal 8.x < 8.4.5 Multiple Vulnerabilities (SA-CORE-2018-001)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities : - A flaw exists with the Comment Reply Form. An authenticated remote attacker could add or view comments that they do not...
Drupal Access Control Bypass Vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Settings Tray module is one of the Tray settings modules. A security vulnerability exists in the Settings Tray module in Drupal. An attacker can exploit this vulnerability to update...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (57580fcc-1a61-11e8-97e0-00e04c1ea73d)
Drupal Security Team reports : CVE-2017-6926: Comment reply form allows access to restricted content CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete CVE-2017-6928: Private file access bypass - Moderately Critical CVE-2017-6929: jQuery vulnerability with untrusted domains -...
Drupal Core Multiple Vulnerabilities (SA-CORE-2018-001) - Linux
Drupal is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: CVE-2017-6926: Comment reply form allows access to restricted content CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete CVE-2017-6928: Private file access bypass - Moderately Critical CVE-2017-6929: jQuery vulnerability with untrusted domains -...
Settings Tray access bypass.
More info at https://www.drupal.org/SA-CORE-2018-001...
Settings Tray access bypass.
More info at https://www.drupal.org/SA-CORE-2018-001...