7 matches found
EUVD-2012-5449
Malware in sbrugna...
CVE-2012-5557
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain...
CVE-2012-5557
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain...
CVE-2012-5557
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain...
CVE-2012-5557
The vulnerability CVE-2012-5557 affects the Drupal module User Read-Only (versions 6.x-1.x up to 6.x-1.4 and 7.x-1.x up to 7.x-1.4). The root cause is improper role assignment when more than three roles are configured, which could allow remote authenticated users to escalate privileges (demonstra...
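Drupal User Read-Only Module Security Bypass Vulnerability
Drupal is an open-source content management platform. When performing certain operations, the User Read-Only module for Drupal 6.x-1.x incorrectly assigns roles; successful exploitation can yield administrator privileges. Drupal User Read-Only Module 7.x; Drupal User Read-Only Module 6.x. Vendor patch: Drupal. Drupal has released a security advisory (1840886) and a corresponding patch for this issue: 1840886: SA-CONTRIB-2012-163 - User Read-Only - Permission escalation...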
SA-CONTRIB-2012-163 - User Read-Only - Permission escalation
User Read-only is a module that allows an administrator to prevent modification of user account/profile fields. The administrator can select which fields will allow or disallow editing. The module can mistakenly assign roles when performing unrelated operations against a user's account such as...