Lucene search

6 matches found

Snyk
added 2023/08/08 5:17 p.m., 2 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure. Exploiting this vulnerability allows an attacker to listen to any group or user with a specially crafted group or username and receive messages for groups they are unauthorized to view. Remediation: Upgrade...

CVSS 7.5 | AI score 6.8 | EPSS 0.02589
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 5:19 a.m., 2 views

SUSE CVE-2015-3234

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers...

CVSS 4.3 | AI score 6.6 | EPSS 0.00498
Exploits: 0 | References: 3
Huntr
added 2022/07/12 11:57 a.m., 10 views

stackexchange uses an unpatched version of jQuery < 3.4.0 which exposes it to prototype pollution

Description: By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses...

AI score 2.2 | EPSS 0.01319
Exploits: 4 | References: 2
OSV
added 2015/06/22 7:59 p.m., 2 views

UBUNTU-CVE-2015-3234

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers...

CVSS 4.3 | AI score 5.8 | EPSS 0.00498
Exploits: 0 | References: 3
Cvelist
added 2015/06/22 7:0 p.m., 29 views

CVE-2015-3234

The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers...

AI score 6.2 | EPSS 0.00498
Exploits: 0 | References: 5
Tenable Nessus
added 2015/06/19 12:0 a.m., 51 views

Drupal 6.x < 6.36 OpenID Security Bypass

The remote web server is running a version of Drupal that is 6.x prior to 6.36. It is, therefore, potentially affected by a security bypass vulnerability due to a flaw in the OpenID module. A remote attacker can exploit this flaw to log in as other users, including administrators. Note that victi...

CVSS 4.3 | AI score 5.6 | EPSS 0.00498
Exploits: 0 | References: 3