12 matches found
EUVD-2012-4416
Malware in sbrugna...
CVE-2012-4487
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created...
CVE-2012-4486
Cross-site request forgery CSRF vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors...
CVE-2012-4486
Cross-site request forgery CSRF vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors...
CVE-2012-4487
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors...
Code injection
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created...
CVE-2012-4487
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created...
CVE-2012-4486
Cross-site request forgery CSRF vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors...
CVE-2012-4486
The CVE-2012-4486 issue affects the Drupal Subuser module prior to 6.x-1.8, where a CSRF flaw could allow remote attackers to hijack another user’s session by switching to a subuser via unspecified vectors. Impact is unauthorized account switching (CSRF) with partial confidentiality/integrity/ava...
CVE-2012-4487
The CVE concerns Drupal’s Subuser module, prior to version 6.x-1.8. The vulnerability arises from insufficient checking of the "switch subuser" permission, enabling remote authenticated parent users to change their role by switching to a subuser they created. Practical impact is a potential privi...
SA-CONTRIB-2012-116 - Subuser - Cross Site Request Forgery (CSRF) and Access Bypass
The Subuser module allows users to be given the permission to create subusers. The subusers may then be automatically assigned a role or roles. The parent user then has the ability to manage the subusers they have created. A parent user is allowed to assume the role of a subuser they created swit...