Lucene search
K

4 matches found

Drupal
Drupal
added 2015/11/04 12:0 a.m.25 views

Login Disable - Access Bypass - Moderately Critical - SA-CONTRIB-2015-162

This module enables you to prevent existing users from logging in to your Drupal site unless they know the secret key to add to the end of the ?q=user login form page. The Login Disable module doesn't support other contributed user authentication modules like CAS or URL Login. When combined with...

7.5CVSS6.4AI score0.01645EPSS
Exploits0References8
Drupal
Drupal
added 2011/08/03 12:0 a.m.16 views

SA-CONTRIB-2011-032 - Mail Logger - Cross Site Scripting

The Mail Logger module logs all outgoing e-mails and provides users with the "access mail logger" permission to view logged e-mails. The module does not sanitize the log output of addressee information, subject, and body, leading to a Cross-Site Scripting XSS vulnerability that may lead to a...

5.8AI score
Exploits0References12
Drupal
Drupal
added 2011/04/06 12:0 a.m.14 views

SA-CONTRIB-2011-016 - Node Quick Find - Information Disclosure

The Node Quick Find module provides a block to quickly access nodes by title via an auto-completing text field. The module does not use dbrewritesql when generating the list of node titles, allowing users to see the titles of nodes to which they may not have access. Access to the node itself is n...

7.1AI score
Exploits0References9
Drupal
Drupal
added 2009/03/25 12:0 a.m.15 views

SA-CONTRIB-2009-015 - Tokenauth - Access bypass

The Token authentication module allows access to RSS feeds via a token without having to provide your username and password to the site. Token authentication did not properly use the Drupal Form API which would allow a malicious user to learn the site administrator's token giving them the ability...

7.2AI score
Exploits0References5
Rows per page
Query Builder