1940 matches found
SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability
The theme settings allow you to link to a header background file. A URL could be entered that was not properly sanitized leading to XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifiers issued...
SA-CONTRIB-2014-015 - FileField - Access Bypass
FileField module allows users to upload files with in conjunction with the Content Construction Kit CCK module in Drupal 6. The module doesn't sufficiently check permissions on revisions when determining if a user should have access to a particular file attached to that revision. A user could gai...
SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS)
This module enables you to add social sharing widgets to your content and pages. The module doesn't sufficiently validate block titles when a user creates a custom block from within the module's admin interface. This vulnerability is mitigated by the fact that an attacker must have a role with th...
SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)
The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same formkey, which can only be managed by carefully crafting the webform...
SA-CONTRIB-2014-012- Modal Frame API - Cross Site Scripting (XSS)
This module enables provides an API to render an iframe within a modal dialog based on the jQuery UI Dialog plugin. You should not install this module unless another module requires you to, or you wish to use it for your own custom modules. The module doesn't sufficiently filter user supplied tex...
SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
This module provides an API and a few simple turnkey modules, which allows you to easily create tagclouds, weighted lists, search-clouds and such. The 6.x-1.x version does not account for node access modules, thus leading to information being disclosed. This vulnerability is mitigated by the fact...
SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure
This module enables the delivery of push notifications to iOS and Android devices. The module doesn't sufficiently randomize the certificate filenames required for Apple's Push Notification service or protect the files from being publicly accessible, which could allow an attacker to acquire the...
SA-CONTRIB-2014-010 - Services - Access Bypass and Privilege Escalation
The Services module enables you to expose an API to third party systems using REST, XML-RPC or other protocols. User update access bypass vulnerability An authenticated user is able to assign additional roles to themselves, which means they can escalate their privileges by assigning an...
SA-CONTRIB-2014-008 - Tribune - Cross Site Scripting (XSS)
A tribune is a type of chatroom. The module doesn't sufficiently filter user provided text from Tribune node titles. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create a Tribune node. CVE identifiers issued CVE-2014-8075 Versions affected...
SA-CONTRIB-2014-007 - Services - Multiple access bypass vulnerabilities
This module enables you to expose an API to third party systems using REST, XML-RPC or other protocols. The form API provides a method for developers to submit forms programmatically using the function drupalformsubmit. During programmatic form submissions, all access checks are deliberately...
SA-CONTRIB-2014-003 - Doubleclick for Publishers DFP - Cross Site Scripting (XSS)
This module enables you to create blocks to place advertisements from the Google Double Click for Publishers API DFP. The module doesn't sufficiently sanitize the slot names prior to output into HTML. This vulnerability is mitigated by the fact that an attacker must have a role with the permissio...
SA-CONTRIB-2014-006 - Language Switcher Dropdown - Open Redirect
The Language Switcher Dropdown module enables you to place a block with a convenient drop-down language switcher. After choosing a value the user is redirected to the url of the relevant language. The module doesn't check that the url provided is a valid internal path prior to redirecting. CVE...
SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing
This module allows for storing data securely in a cookie through implementing the Secure Cookie Protocol. Ability to alter trusted data in the cookie The module did an incorrect comparison of the HMAC value, allowing a bypass of the HMAC verification which allows changing the cookie value. Known...
SA-CONTRIB-2014-005 - Leaflet - Access bypass
The Leaflet module enables you to display an interactive map using the Leaflet library, using entities as map features. The module exposes complete data from entities used as map features to any site visitor with a Javascript inspector like Firebug. CVE identifiers issued ACVE identifier will be...
SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Impersonation OpenID module - Drupal 6 and 7 - Highly critical A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack...
SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)
This module allows anonymous users to fill in their contact information name, email and homepage when posting any content type including Forum Topics. This allows the submitted name to be shown instead of the usual anonymous string provided by Drupal core. The module doesn't properly sanitize the...
SA-CONTRIB-2014-001 - Entity API - Access Bypass
The Entity API module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. Comment, User and Node Statistics property access bypass CVE-2014-1398 The module's entity wrapper access API doesn't sufficiently protect comment, user and no...
SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability
The Ubercart module for Drupal provides a shopping cart and e-commerce features for Drupal. The module doesn't sufficiently protect against session fixation attacks when a user is automatically logged in to a newly created account during checkout. This vulnerability is mitigated by the fact that ...
SA-CONTRIB-2013-097 - OG Features - Access bypass
This module enables you to enable and disable bundles of functionality for individual Organic groups. In order to provide this functionality, this module must override all menu callbacks available in the system, in order to delegate access based on the current Organic group you are contextually i...
SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Multiple vulnerabilities due to optimistic cross-site request forgery protection Form API validation - Drupal 6 and 7 Drupal's form API has built-in cross-site request forgery CSRF validation, and also allows any...
SA-CONTRIB-2013-094 - EU Cookie Compliance - Cross Site Scripting (XSS)
This module enables you to display notifications so that visitors can give their consent to setting cookies by your website. The module doesn't sufficiently fiter and validate configuration values entered by administrators. This vulnerability is mitigated by the fact that an attacker must have a...
SA-CONTRIB-2013-093 - Invitation - Access Bypass
The Invitation module restricts registration to users who have an invite code for running a private beta. The module provides default views that don't check access to views prior to displaying private information like usernames and email addresses. CVE identifiers issued CVE-2013-7063 Versions...
SA-CONTRIB-2013-096 - Entity reference - Access bypass
By default, with an autoselect or a select widget, a user cannot autocomplete an entity title, nor can they select an entity that they have no access to. This will correctly throw a 'invalid id' error and does not show the title of the entity. However, if a user A that has access to the reference...
SA-CONTRIB-2013-095 - Organic Groups - Access bypass
Two issues exist within entity references and permissions relating to OG, allowing users potential access bypass. Posting content into groups where a user is not a member Organic Groups does not sufficiently check the group audience fields e.g. oggroupref field from being populated with invalid...
SA-CONTRIB-2013-090 - Revisioning - Access Bypass
This module enables you to create content publication workflows whereby one version of the content is "live" publicly visible, while another is being edited and moderated privately until found fit for publication. The module doesn't sufficiently apply node access permissions when used in...
SA-CONTRIB-2013-092 - Misery - Denial of Service (DOS) vulnerability.
This module enables you to make life difficult for certain users, such as trolls, as an alternative to banning or deleting them from a community. The module provides means by which to punish members of your website. The aim of misery is to be not traceable by users on the misery list, so misery...
SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access Bypass
This module enables you to manage groups and assign content and users to groups. The module doesn't sufficiently check permissions to some of the configuration pages allowing unprivileged users to access the roles and permissions pages of the GCC module. CVE identifiers issued CVE-2013-4598...
SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass
Node Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. However, it only implements hooknodeaccess and not hookqueryalter, which means any listing of nodes does not respect the node view access. CVE identifiers issued CVE-2013-4596...
SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data
The Secure Pages module manages redirects between HTTP and HTTPS pages. A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a malicious user enticing a us...
SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass
This module enables you to ask for or require payments before users can submit webforms. It previously allowed anonymous users to sometimes use other anonymous users' payments when submitting a form. Payment for Webform never supported anonymous users, but there was also nothing that prevented th...
SA-CONTRIB-2013-084 - FileField Sources - Access Bypass
This module expands on the FileField module by allowing you to select new or existing files through additional means, such as re-using files with an auto-complete textfield, attaching server-side files uploaded via FTP, transferring file files from a remote server, pasting a file directly from th...
SA-CONTRIB-2013-083 - Quiz - Access Bypass
Access bypass on deleting quiz results The Quiz module provides tools for authoring and administering quizzes through Drupal. A quiz is given as a series of questions, with only one question appearing per page. Scores are then stored in the database. The module doesn't sufficiently check the dele...
SA-CONTRIB-2013-086 - Monster Menus - Access bypass
Monster Menus includes the ability to protect the visibility of comments for each node based on hierarchical permissions. However, a carefully-crafted URL could be used to bypass these permissions, allowing an anonymous user to view the comments associated with certain nodes. In order for this fl...
SA-CONTRIB-2013-085 - Feed Element Mapper - Cross Site Scripting
Feed Element Mapper is an add-on module for FeedAPI that maps elements on a feed item such as tags or the author name to taxonomy or CCK fields. The module doesn't sufficiently filter text when displaying options to users. This vulnerability is mitigated by the fact that an attacker must have a...
SA-CONTRIB-2013-082 - Bean - Cross Site Scripting (XSS)
This module enables you to create block entities a.k.a. beans. The module did not sufficiently filter bean titles for dangerous html. This vulnerability is mitigated by the fact that an attacker must have permission to create or edit beans. CVE identifiers issued CVE-2013-4499 Versions affected...
SA-CONTRIB-2013-081 - Spaces - Access bypass
This module enables you to make configuration options generally available only at the sitewide level to be configurable and overridden by individual "spaces" on a Drupal site. The spaces submodule, Spaces OG, doesn't properly handle deleting of organic group group spaces when the option to move t...
SA-CONTRIB-2013-080 - Simplenews - Cross Site Scripting (XSS)
This module enables you to publish and send newsletters to lists of subscribers. The module also includes an API that other modules can use to register subscribers. The module doesn't sufficiently sanitize e-mail addresses prior to outputting. The provided forms sign-up, mass import, .. validate...
SA-CONTRIB-2013-079 - Context - Multiple Vulnerabilities
Context allows you to manage contextual conditions and reactions for different portions of your site This advisory covers two separate issues. Arbitrary PHP Code Execution The first, and more severe issue Highly Critical status, is that the module allows execution of PHP code via manipulation of ...
SA-CONTRIB-2013-078 - Quick Tabs - Access Bypass
The Quick Tabs module allows you to create blocks of tabbed content, specifically views, blocks, nodes and other quicktabs. You can create a block on your site containing multiple tabs with corresponding content. The module does not sufficiently check block permissions before rendering a Quick Ta...
SA-CONTRIB-2013-077 - Google Site Search - Cross Site Scripting (XSS)
This module enables you to use the Google API to search one or more sites and show the result in your Drupal site, with your custom styling. The module doesn't sufficiently sanitize the data retrieved from the Google API. This vulnerability is mitigated by the fact that an attack must come from t...
SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF)
Click2Sell is an Affiliate Marketing Network which lets you sell your products through their marketplace or on your website with buy it now buttons, and which also allows you to access hundreds of affiliates who want to sell your product for you and earn commission. Reflected Cross Site Scripting...
SA-CONTRIB-2013-074 - MediaFront - Cross Site Scripting (XSS)
The MediaFront module provides a front-end media presentation layer for Drupal The module doesn't sufficiently filter user input from MediaFront preset settings. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer mediafront" to exploit th...
SA-CONTRIB-2013-076 - jQuery Countdown - Cross Site Scripting (XSS)
This jQuery Countdown Module enables you to display a countdown block based upon date settings. The jQuery Countdown Module does not properly sanitize the settings, allowing a malicious user to embed scripts within a page, resulting in a Cross-site Scripting XSS vulnerability. This vulnerability ...
SA-CONTRIB-2013-073 - Make Meeting Scheduler - Access Bypass
This module enables you to create polls accessible by an url with hash e.g. example.com/makemeeting/sn9028xh3398 so that anonymous users can view and vote on the poll. The module didn't sufficiently check access when a poll is accessed directly via its node url e.g. node/123. Note: a user with th...
SA-CONTRIB-2013-071 - Flag - Cross Site Scripting
The Flag module allows creation of customizable flags on entities. Flag does not properly sanitize the name of a flag on the main flag administration page, allowing a malicious user to embed scripts within a page, resulting in a Cross-site Scripting XSS vulnerability. This vulnerability is...
SA-CONTRIB-2013-072 - Node View Permissions - Access Bypass
The Node View Permissions module adds permissions "View own content" and "View any content" for each content type on the permissions page. However, it only implements hooknodeaccess and not hookqueryalter, which means any listing of nodes does not respect the node view permission. CVE identifiers...
SA-CONTRIB-2013-070 - Zen - Cross Site Scripting
The Zen theme is a very popular base/starter theme. Zen doesn't sufficiently escape the breadcrumb separator field, allowing a possible XSS exploit. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer themes". CVE identifiers issued...
SA-CONTRIB-2013-067 - BOTCHA - Information Disclosure (potential Privilege Escalation)
BOTCHA is a highly configurable non-CAPTCHA spam protection framework. The module includes a debug mode which logs the content of submitted forms including passwords and other sensitive information. An attacker who gains access to the log i.e. dblog or syslog depending on configuration could get...
SA-CONTRIB-2013-068 - Entity API - Access Bypass
The Entity API module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. The module doesn't sufficiently enforce node access restrictions when checking for a user's access to view a comment associated with a particular node. The...
SA-CONTRIB-2013-069 - Password Policy - XSS
This module enables you to specify a certain level of password complexity aka. "password hardening" for user passwords in Drupal by defining a password policy. When viewing and editing a password policy, the module doesn't sufficiently filter the form text field input and display for the "Passwor...