5 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that 1 add or 2 delete user access rules...
CVE-2008-3744
Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that 1 add or 2 delete user access rules...
CVE-2008-3744
Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that 1 add or 2 delete user access rules...
CVE-2008-3744
Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that 1 add or 2 delete user access rules...
FreeBSD : drupal -- multiple vulnerabilities (070b5b22-6d74-11dd-aa18-0030843d3802)
The Drupal Project reports : A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages cross site scripting or XSS. A bug in the private filesystem trusts the MIME type sent by the browser, enabling malicious users with the ability to...