13 matches found
EUVD-2015-3403
Malware in sbrugna...
EUVD-2015-3401
Malware in sbrugna...
Multiple Open Redirect Vulnerabilities in Drupal Tadaa! module
Drupal Tadaa! module is a Drupal module that simplifies enabling or disabling modules and changing configurations when switching between environments. Multiple open redirection vulnerabilities exist in Drupal Tadaa! module versions prior to 7.x-1.4. This allows remote attackers to redirect users ...
CVE-2015-3358
Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that 1 enable and disable modules or 2 change variables...
CVE-2015-3356
Multiple cross-site request forgery CSRF vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 enable or 2 disable modules or 3 change variables via unspecified vectors...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 enable or 2 disable modules or 3 change variables via unspecified vectors...
Open redirect
Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that 1 enable and disable modules or 2 change variables...
CVE-2015-3356
Multiple cross-site request forgery CSRF vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 enable or 2 disable modules or 3 change variables via unspecified vectors...
CVE-2015-3356
CVE-2015-3356 affects the Drupal Tadaa! module (7.x, prior to 7.x-1.4). The vulnerability arises from multiple unprotected CSRF vectors that allow a logged-in attacker with the module permission to perform actions such as enabling/disabling modules or changing configuration by coaxing a user to m...
CVE-2015-3358
Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter, related to callbacks that 1 enable and disable modules or 2 change variables...
CVE-2015-3358
The CVE concerns the Drupal Tadaa! module (pre-7.x-1.4) which contains multiple open redirect vulnerabilities in its destination parameter used by callbacks that enable/disable modules or change variables. Attackers could lure users to arbitrary sites and conduct phishing via crafted URLs, as des...
Multiple Cross-Site Request Forgery Vulnerabilities in Drupal Tadaa! module
Drupal is a free and open source content management system developed in PHP. Multiple cross-site request forgery vulnerabilities exist in the Drupal Tadaa! module, which can be exploited by an attacker to perform certain unauthorized actions and gain access to affected applications...
SA-CONTRIB-2015-016 - Tadaa! - Multiple vulnerabilities
Tadaa! is a module aimed at simplifying the process of enabling/disabling modules and altering configuration when switching between different environments, e.g. Production/Staging/Development. The module exposes multiple paths that were not protected against Cross Site Request Forgeries CSRF. A...