EUVD-2009-3632

Malware in sbrugna...

EUVD-2009-3631

Malware in sbrugna...

Session fixation

Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2009-3657

Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors...

CVE-2009-3657

Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2009-3657

CVE-2009-3657 describes a session fixation vulnerability in the Drupal-related module “Shared Sign-On” versions 5.x and 6.x. The issue allows remote attackers to hijack user sessions via unspecified vectors, as noted in the NVD entry and related records. The vulnerability is characterized as a se...

CVE-2009-3656

Cross-site request forgery CSRF vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors...

SA-CONTRIB-2009-069 - Shared Sign On - Cross Site Scripting

The Shared Sign On module enables users to log into one Drupal site and be automatically logged into multiple related Drupal sites. The module suffers multiple vulnerabilities, including Cross Site Request Forgeries CSRF and Session fixation problem Session Fixation. This problem allows an attack...