101 matches found
CVE-2010-4519
Multiple cross-site request forgery CSRF vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable all Views or 2 disable all Views...
CVE-2010-4521
Cross-site scripting XSS vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path...
CVE-2010-4520
Multiple cross-site scripting XSS vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via 1 a URL or 2 an aggregator feed title...
SA-CONTRIB-2010-111 - Views - Cross Site Scripting
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Under certain circumstances, Views could display parts of the page path without escaping, resulting in a relected Cross Site Scripting XSS vulnerability. An attacker cou...
Fedora 11 : drupal-views-6.x.2.9-1.fc11 (2010-6356)
SA-CONTRIB-2010-036 - Views - multiple vulnerabilities ------------------------------------------------------ Advisory ID: DRUPAL-SA-CONTRIB-2010-036 Project: Views third-party module Version: 5.x, 6.x Date: 2010-April-7 Security risk: Critical Exploitable from: Remote Vulnerability: Cross Site...
Fedora 12 : drupal-views-6.x.2.11-1.fc12 (2010-10124)
Advisory ID: DRUPAL-SA-CONTRIB-2010-067 http://drupal.org/node/829840 Project: Views third-party module Version: 5.x, 6.x Date: 2010-June-16 Security risk: Less critical Exploitable from: Remote - Vulnerability: Multiple vulnerabilities -------- DESCRIPTION...
Fedora 13 : drupal-views-6.x.2.11-1.fc13 (2010-10215)
Advisory ID: DRUPAL-SA-CONTRIB-2010-067 http://drupal.org/node/829840 Project: Views third-party module Version: 5.x, 6.x Date: 2010-June-16 Security risk: Less critical Exploitable from: Remote - Vulnerability: Multiple vulnerabilities -------- DESCRIPTION...
Fedora 11 : drupal-views-6.x.2.11-1.fc11 (2010-10197)
Advisory ID: DRUPAL-SA-CONTRIB-2010-067 http://drupal.org/node/829840 Project: Views third-party module Version: 5.x, 6.x Date: 2010-June-16 Security risk: Less critical Exploitable from: Remote - Vulnerability: Multiple vulnerabilities -------- DESCRIPTION...
[SECURITY] Fedora 12 Update: drupal-views-6.x.2.11-1.fc12
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
SA-CONTRIB-2010-067 - Views - Multiple vulnerabilities
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. Cross Site Request Forgery CSRF The Views UI module, which is included with Views, can be used to enable/disable Views by following a link to a particular page e.g...
[SECURITY] Fedora 11 Update: drupal-views-6.x.2.9-1.fc11
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
[SECURITY] Fedora 13 Update: drupal-views-6.x.2.9-1.fc13
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
CVE-2009-2076
Cross-site scripting XSS vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via 1 exposed filters in the Views UI administrative interface and in the 2 view name parameter in the define custom views feature. NOT...
[SECURITY] Fedora 10 Update: drupal-views-6.x.2.6-1.fc10
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
Fedora 10 : drupal-views-6.x.2.6-1.fc10 (2009-6389)
Advisory ID: DRUPAL-SA-CONTRIB-2009-037 0 Project: Views Versions: 6.x-2.x Date: 2009-June-10 Security risk: Moderately critical Exploitable from: Remote Vulnerability: Cross Site Scripting XSS, Access Bypass -------- DESCRIPTION -------------------------------------------------------- - The...
Fedora 9 : drupal-views-6.x.2.6-1.fc9 (2009-6171)
Advisory ID: DRUPAL-SA-CONTRIB-2009-037 0 Project: Views Versions: 6.x-2.x Date: 2009-June-10 Security risk: Moderately critical Exploitable from: Remote Vulnerability: Cross Site Scripting XSS, Access Bypass -------- DESCRIPTION -------------------------------------------------------- - The...
Sql injection
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."...
CVE-2008-6020
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."...
CVE-2008-6020
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."...
CVE-2008-6020
CVE-2008-6020 is a SQL injection vulnerability in the Drupal Views module (6.x) prior to 6.x-2.2. The issue arises from an exposed filter on CCK text fields, allowing remote attackers to execute arbitrary SQL commands. Affected product/component: Drupal Views 6.x; root cause: unsafeguarded input ...