EUVD-2009-3754

Malware in sbrugna...

EUVD-2008-0581

Malware in sbrugna...

SA-CONTRIB-2011-007 - Userpoints Cross Site Scripting

The Userpoints module allows users to gain points through specific actions like contributing content. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full administrative...

Code injection

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors...

CVE-2009-3782

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors...

CVE-2009-3782

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors...

CVE-2009-3782

The CVE affects Drupal’s Userpoints 6.x prior to 6.x-1.1. It allows remote authenticated users with the "View own userpoints" permission to read arbitrary users’ userpoint data via unknown attack vectors. The vulnerability’s impact is partial confidentiality; no exploit details are provided. Reme...

DRUPAL-SA-CONTRIB-2009-077 - Userpoints - Information disclosure

The Userpoints module enables the users of a site to gain or lose points based on their activity. There is a vulnerability in the module which allows any user with the "View own userpoints" permission to view the userpoints data of any user, not just their own. Versions affected Userponts module...

CVE-2008-0571

The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery CSRF attacks and manipulate points...

Cross site request forgery (csrf)

The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery CSRF attacks and manipulate points...

CVE-2008-0571

The vulnerability CVE-2008-0571 affects the Drupal Userpoints module. Affected versions are Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3. The issue arises because the point moderation form does not follow Drupal’s Forms API submission model, enabling cross-si...

CVE-2008-0571

The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery CSRF attacks and manipulate points...

SA-2008-014 - Userpoints - Cross site request forgery

Userpoints is a system for keeping track of points earned on a site. It can be used to reward users for contributions to a community and also for ecommerce transactions. The Drupal Forms API protects against cross site request forgeries CSRF, where a malicious site can cause a user to...