SA-CONTRIB-2014-022 - Slickgrid - Access bypass

The Slickgrid module is an implementation of the jQuery slickgrid plugin, a lightening fast JavaScript grid/spreadsheet. It defines a slickgrid view style, so all data can be output as an editable grid. The module doesn't check access sufficiently, allowing users to edit and change field values o...

SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Access bypass User module search - Drupal 6 and 7 A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. This...

SA-CONTRIB-2012-105 - Hashcash - Cross Site Scripting (XSS)

The Hashcash project is an implementation of a Proof Of Work POW or Puzzle scheme where users of a service have to do computational work to have their request granted. In the case of the Drupal Hashcash project, the service is 'form submission' and the Proof Of Work is a token that causes a parti...

SA-2008-042 - Tinytax - Cross site scripting

The Tinytax taxonomy block displays a vocabulary as a tree within a block. The module displays certain values without appropriate filtering. Malicious users with the permission to create taxonomy terms are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cro...