Lucene search
K
DrupalRecent

1940 matches found

Drupal
Drupal
added 2018/07/04 12:0 a.m.12 views

Universally Unique IDentifier - Moderately critical - Arbitrary file upload - SA-CONTRIB-2018-045

This module provides an API for adding universally unique identifiers UUID to Drupal objects, most notably entities. The module module has an arbitrary file upload vulnerability when it's used in combination with the services REST server. This vulnerability is mitigated by the fact that an attack...

6.7AI score
Exploits0References6
Drupal
Drupal
added 2018/06/27 12:0 a.m.13 views

Mass Password Reset - Less critical - Insecure Randomness - SA-CONTRIB-2018-043

This module enables you to reset passwords for all users based upon their user role. The module doesn't use a strong source of randomness, creating weak and predictable passwords. This vulnerability is mitigated by the fact that the site must be configured to reveal the password to the attacker,...

6.7AI score
Exploits0References6
Drupal
Drupal
added 2018/06/27 12:0 a.m.22 views

TFA Basic plugins - Less critical - Insecure Randomness - SA-CONTRIB-2018-044

The TFA Basic module enables you to use Two Factor Authentication via a variety of plugins including TOTP and one-time codes delivered via email or sms. The module doesn't use a strong source of randomness, creating weak and predictable one-time login codes that are then delivered using SMS. This...

6.5AI score
Exploits0References6
Drupal
Drupal
added 2018/06/27 12:0 a.m.15 views

Generate Password - Less critical - Insecure Randomness - SA-CONTRIB-2018-042

The Genpass module makes the password field optional or hidden on the add new user page admin & registration. If the password field is not set during registration, the system generates a password. The module doesn't use a strong source of randomness, creating weak and predictable passwords. This...

6.6AI score
Exploits0References7
Drupal
Drupal
added 2018/06/13 12:0 a.m.19 views

Custom Tokens - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-041

The Custom Tokens module enables you to create custom tokens for specific replacements that can improve other modules relying on the token API. The module doesn't sufficiently identify that its custom permissions are risky and should only be granted to highly trusted roles. This vulnerability is...

6.4AI score
Exploits0References9
Drupal
Drupal
added 2018/06/06 12:0 a.m.6 views

AdTego SiteIntel - AdBlocker Detect - Critical - Unsupported - SA-CONTRIB-2018-039

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466...

7.1AI score
Exploits0References2
Drupal
Drupal
added 2018/06/06 12:0 a.m.7 views

Mollom - Critical - Unsupported - SA-CONTRIB-2018-038

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466. The security team marks all unsupported projects critical...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2018/06/06 12:0 a.m.7 views

Entity Delete - Critical - Multiple Vulnerabilities - SA-CONTRIB-2018-040

This module enables you to delete any types of entities in bulk. The module doesn't sufficiently verify access permissions under its use cases, leading to access bypass. The module also does not protect against Cross Site Request Forgeries on its delete process. The access bypass vulnerability is...

7AI score
Exploits0References5
Drupal
Drupal
added 2018/05/23 12:0 a.m.8 views

SimpleCrop - Critical - Unsupported - SA-CONTRIB-2018-030

Update: 2018-06-01 A new maintainer has stepped forward to maintain this module and has put out a new release. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module...

7.2AI score
Exploits0References3
Drupal
Drupal
added 2018/05/23 12:0 a.m.7 views

Protected Pages - Critical - Unsupported - SA-CONTRIB-2018-028

Update: 2018-06-03 A new maintainer has stepped forward and this project now has a stable release. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please rea...

7.2AI score
Exploits0References3
Drupal
Drupal
added 2018/05/23 12:0 a.m.5 views

Education - Critical - Unsupported - SA-CONTRIB-2018-036

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466. The security team marks all unsupported themes and modules...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2018/05/23 12:0 a.m.5 views

Zircon - Critical - Unsupported - SA-CONTRIB-2018-037

Update - 2018-09-26 This maintainer has fixed this security issue. Please install https://www.drupal.org/project/zircon/releases/7.x-1.2 to resolve the issue. The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the...

7.2AI score
Exploits0References3
Drupal
Drupal
added 2018/05/23 12:0 a.m.6 views

Corporate Site - Critical - Unsupported - SA-CONTRIB-2018-032

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466. The security team marks all unsupported themes and modules...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2018/05/23 12:0 a.m.6 views

iShopping - Critical - Unsupported - SA-CONTRIB-2018-033

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466. The security team marks all unsupported themes and modules...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2018/05/23 12:0 a.m.6 views

TB Sirate - Critical - Unsupported - SA-CONTRIB-2018-035

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466. The security team marks all unsupported themes and modules...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2018/05/23 12:0 a.m.7 views

Hotel - Critical - Unsupported - SA-CONTRIB-2018-034

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466. The security team marks all unsupported themes and modules...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2018/05/23 12:0 a.m.6 views

TB Nucleus - Critical - Unsupported - SA-CONTRIB-2018-031

Update - 2018-09-26 This maintainer has fixed this security issue. Please install https://www.drupal.org/project/nucleus/releases/7.x-1.6 to fix the security issue The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the...

7.2AI score
Exploits0References3
Drupal
Drupal
added 2018/05/23 12:0 a.m.5 views

Baidu Analytics - Critical - Unsupported - SA-CONTRIB-2018-029

The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466. The security team marks all unsupported modules critical by...

7.2AI score
Exploits0References3
Drupal
Drupal
added 2018/05/09 12:0 a.m.4 views

Scrollable Content - Critical - Unsupported - SA-CONTRIB-2018-026

Scrollable Content provides a scrolling functionality for your content. Scrollable Content will give you a nice content slider preview of your site's nodes, and provides some display options. The security team is marking this module unsupported. There is a known security issue with the module tha...

7.2AI score
Exploits0References3
Drupal
Drupal
added 2018/05/09 12:0 a.m.15 views

SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2018-027

This module adds a new formatter for the file fields, which allows any file extension to be uploaded. The module doesn't sufficiently handle sanitization under the scenario uploaded SVG files. This vulnerability is mitigated by the fact that an attacker must have a role with the permission create...

6.5AI score
Exploits0References6
Drupal
Drupal
added 2018/05/09 12:0 a.m.8 views

Multi-Step Registration - Critical - Unsupported Module - SA-CONTRIB-2018-023

With Multi-Step Registration you can create multi-step wizard user account registration forms. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read:...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2018/05/09 12:0 a.m.5 views

Simple Taxonomy Revision - Critical - Unsupported - SA-CONTRIB-2018-025

Simple Taxonomy Revision module enables revisions for taxonomy terms for Drupal 8. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read:...

7.2AI score
Exploits0References3
Drupal
Drupal
added 2018/05/09 12:0 a.m.8 views

KCFinder integration - Critical - Unsupported Module - SA-CONTRIB-2018-024

KCFinder is a multi-language file / image manager you can use to easily select, insert, upload and arrange images, flash movies, and other kinds of files. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintaine...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2018/04/25 12:0 a.m.11 views

D7 Media - Critical - Remote Code Execution - SA-CONTRIB-2018-020

The Media module provides an extensible framework for managing files and multimedia assets, regardless of whether they are hosted on your own site or a third party site. The module contained a vulnerability similar to SA-CORE-2018-004, leading to a possible remote code execution RCE attack...

7.8AI score
Exploits0References2
Drupal
Drupal
added 2018/04/25 12:0 a.m.15 views

JSON:API - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2018-021

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't provide CSRF protection when processing authenticated traffic using cookie-based authentication. This vulnerability is mitigated by the fact that an...

6.7AI score
Exploits0References7
Drupal
Drupal
added 2018/04/25 12:0 a.m.6 views

DRD Agent - Critical - PHP object injection - SA-CONTRIB-2018-022

This module enables you to monitor and manage any number of remote Drupal sites and aggregate useful information for administrators in a central dashboard. The modules DRD and DRD Agent encrypt the data which is exchanged between them but in order to do so, they use the PHP serialize/unserialize...

7.4AI score
Exploits0References3
Drupal
Drupal
added 2018/04/25 12:0 a.m.732 views

Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical -...

9.8CVSS4.5AI score0.99236EPSS
Exploits14References24
Drupal
Drupal
added 2018/04/18 12:0 a.m.16 views

Display Suite - Critical - Cross site scripting (XSS) - SA-CONTRIB-2018-019

Display Suite allows you to take full control over how your content is displayed using a drag and drop interface. The module doesn't sufficiently validate view modes provided dynamically via URLs leading to a reflected cross site scripting XSS attack. This vulnerability is mitigated only by the...

5.2AI score
Exploits0References1
Drupal
Drupal
added 2018/04/18 12:0 a.m.21 views

Menu Import and Export - Critical - Access bypass - SA-CONTRIB-2018-018

This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability...

6.6AI score
Exploits0References6
Drupal
Drupal
added 2018/03/21 12:0 a.m.15 views

JSON:API - Moderately critical - Access Bypass - SA-CONTRIB-2018-016

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when viewing related resources or relationships, thereby causing an access bypass vulnerability. This vulnerability is...

6.8AI score
Exploits0References6
Drupal
Drupal
added 2018/03/21 12:0 a.m.3 views

Exif - Critical - Access bypass - SA-CONTRIB-2018-017

This module enables you to retrieve image metadata and use them in fields or title. The module doesn't sufficiently restrict access to module setting pages thereby causing an access bypass vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to create...

5.7AI score
Exploits0References5
Drupal
Drupal
added 2018/02/21 12:0 a.m.25 views

CKEditor Upload Image - Critical - Access bypass - SA-CONTRIB-2018-014

This module enables you to drag and drop or paste images into CKEditor. The module does not sufficiently verify users permissions, which leads to anonymous users being able to upload files to the server...

6.8AI score
Exploits0References5
Drupal
Drupal
added 2018/02/21 12:0 a.m.16 views

JSON:API - Moderately critical - Multiple Vulnerabilities - SA-CONTRIB-2018-015

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently associate cacheability metadata in certain situations thereby causing an access bypass vulnerability. This vulnerability is mitigated b...

6.6AI score
Exploits0References5
Drupal
Drupal
added 2018/02/14 12:0 a.m.15 views

Custom Permissions - Moderately critical - Access bypass - SA-CONTRIB-2018-010

This module enables the user to set custom permissions per path. The module doesn't perform sufficient checks on paths with dynamic arguments like "node/1" or "user/2", thereby allowing the site administrator to save custom permissions for paths that won't be protected. This could lead to an acce...

6.5AI score
Exploits0References4
Drupal
Drupal
added 2018/02/14 12:0 a.m.14 views

Entity API - Moderately critical - Information Disclosure - SA-CONTRIB-2018-013

The Entity API module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. The module prints debugging information to the HTML output in certain error conditions thereby causing an information disclosure vulnerability. This...

6AI score
Exploits0References6
Drupal
Drupal
added 2018/02/14 12:0 a.m.6 views

VChess - Critical - Module Unsupported - SA-CONTRIB-2018-009

The Drupal VChess module allows users to play a chess game. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466...

7.1AI score
Exploits0References3
Drupal
Drupal
added 2018/02/14 12:0 a.m.8 views

Entity Backup - Critical - Module Unsupported - SA-CONTRIB-2018-012

The main purpose of the Entity Backup module is to keep a backup of deleted Drupal core entities and perform recovery of them. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2018/02/14 12:0 a.m.15 views

Dynamic Banner - Less critical - Cross site scripting - SA-CONTRIB-2018-011

This module enables a site to display different banners via blocks on different pages depending upon specific criteria. The module doesn't sufficiently filter output of banner data. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2018/02/07 12:0 a.m.16 views

FileField Sources - Moderately critical - Access Bypass - SA-CONTRIB-2018-007

This module enables you to upload files to fields via several sources. The module doesn't sufficiently handle access control under the scenario of the autocomplete path of reference sources...

6.8AI score
Exploits0References5
Drupal
Drupal
added 2018/02/07 12:0 a.m.13 views

Entity Reference Tab / Accordion Formatter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-008

This module enables you to show referenced entities in tabs. The module doesn't sufficiently sanitize the body fields of the referenced entities when it prints them to the tabs. This vulnerability is mitigated by the fact that an attacker must have a role with the permission create/edit content o...

6.4AI score
Exploits0References4
Drupal
Drupal
added 2018/01/31 12:0 a.m.10 views

Sagepay - Critical - Access Bypass - SA-CONTRIB-2018-005

This module integrates the Sagepay payment service. Some of the URLs used while processing the payment are not sufficiently secured. This might allow attackers to resume a previously failed payment attempt or to view content that should only be shown after a succesful payment. This affects all...

6.6AI score
Exploits0References5
Drupal
Drupal
added 2018/01/31 12:0 a.m.19 views

Taxonomy Term Reference Tree Widget - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-006

This module provides an expandable tree widget for the Taxonomy Term Reference field in Drupal 7. The module doesn't sufficiently sanitize the output of its own defined field formatter. This vulnerability is mitigated by the fact that an attacker must have a role with the permission that allows t...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2018/01/24 12:0 a.m.17 views

Backup and Migrate - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-004

This module enables you to create manual and scheduled backups of a site, and restore the site from backup. The module doesn't sufficiently identify that its custom permissions are risky and should only be granted to highly trusted roles. Sites using this module should review the permissions page...

6.5AI score
Exploits0References8
Drupal
Drupal
added 2018/01/17 12:0 a.m.63 views

Bible - Critical - Multiple Vulnerabilities - SA-CONTRIB-2018-003

This module enables you to display a Bible on your website. Users can associate notes with a Bible version. This module has a vulnerability that would allow an attacker to wipe out, update or read notes from other users with a carefully crafted title. A user must have the "Access Bible content"...

7.8AI score
Exploits0References6
Drupal
Drupal
added 2018/01/10 12:0 a.m.14 views

Node View Permissions - Moderately critical - Access Bypass - SA-CONTRIB-2018-002

The Node view permissions module enables the "View own content" and "View any content" permissions for each content type on the permissions page. This module has a vulnerability that allows users with these permissions to view unpublished content that they are not otherwise authorized to view. Th...

6.6AI score
Exploits0References4
Drupal
Drupal
added 2018/01/10 12:0 a.m.18 views

Stacks - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-001

This module enables content editors to create complex pages and layouts on the fly without the help from a developer, using reusable widgets. The module does not sufficiently filter values posted to its AJAX endpoint, which leads to the instantiation of an arbitrary PHP class. This vulnerability ...

6.8AI score
Exploits0References5
Drupal
Drupal
added 2017/12/20 12:0 a.m.7 views

Link Click Count - Critical - Unsupported - SA-CONTRIB-2017-094

The Link Click Count module helps you to monitor the traffic to your website by creating link fields. These link fields can be individual links or internal/external links that can be added to the content type. The security team is marking this module unsupported. There is a known security issue...

7.2AI score
Exploits0References2
Drupal
Drupal
added 2017/12/20 12:0 a.m.8 views

ComScore direct tag - Less critical - Cross site scripting - SA-CONTRIB-2017-095

This module enables you to use the comScore Direct analytics system on a site. The module doesn't sufficiently sanitize one of the configuration variables prior to rendering it. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer comScore...

6.9AI score
Exploits0References4
Drupal
Drupal
added 2017/12/20 12:0 a.m.5 views

Directory based organisational layer - Critical - Unsupported - SA-CONTRIB-2017-096

This module adds a new organizational layer to Drupal, making it easy for managing large numbers of files and nodes. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. The security team takes action in...

7.3AI score
Exploits0References2
Drupal
Drupal
added 2017/12/20 12:0 a.m.11 views

me aliases - Highly critical - Arbitrary code execution - SA-CONTRIB-2017-097

'me' module provides shortcut paths to current user's pages, eg user/me, blog/me, user/me/edit, tracker/me etc. The way 'me' module handles URL arguments allows an attacker to execute arbitrary code strings...

7.6AI score
Exploits0References5
Total number of security vulnerabilities1940