Moderate: Red Hat Security Advisory: git19-git security update
Updated git19-git packages that fix one security issue are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
git: arbitrary code execution via crafted URLs
A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system...
Drupal MailChimp module cross-site scripting vulnerability (CNVD-2015-05690)
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. MailChimp is an integration module for the third-party mail delivery service provider MailChimp. A cross-site scripting vulnerability exists in the MailChimp Signup submodule of the...
Information disclosure
The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2015-4345
CVE-2015-4345 affects Drupal's RESTful Web Services RESTWS module (Drupal 7.x). The vulnerability is in the Basic Auth submodule: RESTWS 7.x-1.x versions before 7.x-1.5 and 7.x-2.x before 7.x-2.3 cache pages for authenticated requests, which can lead to information disclosure of potentially sensi...
CVE-2015-3378
CVE-2015-3378 describes an open redirect vulnerability in the Drupal Views module (versions 6.x prior to 6.x-2.18, 6.x-3.x prior to 6.x-3.2, and 7.x prior to 7.x-3.10) when the Views UI submodule is enabled. The underlying issue is an unsanitized URL handling path used to break the lock on edited...
Sierra Library Services Platform Multiple Vulnerability Disclosure
Product: Sierra Library Services Platform; Vendor: Innovative Interfaces Inc; Vulnerable Version: 1.23; Tested Version: 1.23; Vendor Notification: June 19, 2014; Public Disclosure: August 26, 2014; Vulnerability Type: Cross-Site Scripting (CWE-79); CVE Reference: CVE-2014-5136; Risk Level: Medium; CVSSv2 Ba...
Cross site request forgery (csrf)
Innovative Interfaces Sierra Library Services Platform 1.23 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule...
CVE-2013-4498
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content"...
CVE-2013-5315
Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than...
CVE-2013-5315
CVE-2013-5315 is an XSS flaw in Drupal’s Scald module (MEE submodule). Affected: Scald 6.x-1.x before 6.x-1.0-beta3 and Scald 7.x-1.x before 7.x-1.1. Vulnerability: unsanitized atom title in Resource Manager (mee.module) allows remote injection of script/HTML. Impact is low to partial in integrit...
SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities
Monster Menus enables you to create granular page permissions, and apply them to a hierarchical page structure. The mmwebform submodule enables you to assign permissions derived from Monster Menus to webform forms. The module doesn't sufficiently filter titles entered into page settings and echoe...
MGASA-2013-0170 Updated telepathy-gabble package fixes security vulnerability
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack...
Debian Security Advisory DSA 2702-1 (telepathy-gabble - TLS verification bypass)
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perfor...
Debian: Security Advisory (DSA-2702-1)
The remote host is missing an update for the Debian...
PT-2009-5472 · Drupal · Date Module
Name of the Vulnerable Software and Affected Versions: Drupal Date module versions prior to 6.x-2.3. Description: A cross-site scripting (XSS) issue exists in the Date Tools sub-module of the Date module, allowing remote authenticated users with specific privileges to inject arbitrary web script or...