1940 matches found
SA-CONTRIB-2012-147 - FileField Sources - Cross Site Scripting (XSS)
The Drupal FileField module lets you upload files from your computer through a CCK field. The FileField Sources module expands on this ability by allowing you to select new or existing files through additional means. The FileField Sources module contains a persistent cross site scripting XSS...
SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code execution
The Simplenews Scheduler module provides a system for creating automatic email newsletters. These can be set to be sent at a fixed interval, or PHP code can be entered to evaluate a condition for a new newsletter issue to be sent. The module allows a user with the 'send scheduled newsletters'...
SA-CONTRIB-2012-141 - Mass Contact - Access bypass
This module allows anyone with permission to send a single message to multiple users of a site, using its roles functionality. The module doesn't sufficiently check permissions after the form has been submitted. This vulnerability is mitigated by the fact that an attacker must use a tool of some...
SA-CONTRIB-2012-140 - Inf08 - Cross Site Scripting (XSS)
Inf08 is a valid XHTML 1.0 Strict / CSS 2.1 theme ported from the free CSS template. The theme contains an arbitrary script injection vulnerability XSS due to the fact that it fails to sanitize user supplied taxonomy vocabulary names before display. This vulnerability is mitigated by the fact tha...
SA-CONTRIB-2012-139 - PDFThumb OS Injection
PDFThumb module creates thumbnail images of PDF files. The module doesn't sufficiently escape user-entered values when executing commands on the server allowing an attacker to execute whatever commands are available to the web server user e.g. www-data. This vulnerability is mitigated by the fact...
SA-CONTRIB-2012-138 - Exposed Filter Data - Cross Site Scripting (XSS)
The Exposed Filter Data facilitates displaying data posted to Views via an exposed filter. The module does not properly sanitize user-supplied data prior to output, leading to a Cross-Site Scripting XSS vulnerability. CVE: Requested Versions affected Exposed Filter Data 6.x-1.x versions prior to...
SA-CONTRIB-2012-137 - Heartbeat - Cross Site Request Forgery (CSRF) in heartbeat_comments
This module enables you to display activity for events on a site. The sub-modules heartbeatcomments and shouts don't sufficiently check the heartbeat comment post values making it possible for an attacker to cause a user to unknowingly make comments. CVE: Requested Versions affected...
SA-CONTRIB-2012-136 - Apache Solr Search Autocomplete - Cross Site Scripting (XSS)
Apache Solr Search Autocomplete module enables you to add autocomplete capabilities to the search text field for the Apache Solr Search Integration module. The module doesn't sufficiently filter the autocomplete results sent back from the Drupal site, so under the scenario where someone provided ...
SA-CONTRIB-2012-131 - Email Field - Access Bypass
The email module provides a field type CCK / FieldAPI for storing email addresses. Furthermore, it provides a formatter to output the email address as a link to a contact form. The contact form formatter allows a site visitor to email the stored address without letting them see what that e-mail...
SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution
The taxonomyimage module allows site administrators to associate images with taxonomy terms. The module did not sufficiently filter retrieval of taxonomy images, allowing users to bypass Drupal's normal file upload protections to install malicious HTML or executable code to the server. This...
SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention
This module enables you to protect website forms using a CAPTCHA. A CAPTCHA is a test which attempts to differentiate between a human and an automated bot or script. The module doesn't ensure that test submissions have a single-use unique token. This means that web robots could reuse a single...
SA-CONTRIB-2012-130 - Jstool - Multiple Vulnerabilities
Javascript Tool enables administrators to edit any javascript file online from an admin panel. The module does not protect its menu paths, which contain sensitive information about all javascript files on the site and their contents. The module does not validate filenames which can lead to...
SA-CONTRIB-2012-129 - Activism - Access Bypass
The Activism module is an attempt to standardize the way online advocacy tools are built in Drupal 6. It ships with and creates a "Campaign" content type which is always viewable, even when an administrator unpublishes it or otherwise restricts viewing access. CVE: Requested Versions affected...
SA-CONTRIB-2012-132 - Announcements - Access Bypass
The Announcements module creates an "announcement" content type and provides both node views and block lists. The module doesn't sufficiently check node access under certain conditions. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access...
SA-CONTRIB-2012-134 - Views - Privilege Escalation
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. The module incorrectly modifies the global user object in some situations when a view has a uid argument and performs validation on...
SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS)
The Hotblocks module provides an enhanced GUI for administering blocks and block content that is intended to be simpler and more controllable for less privileged users than the default block administration tools. Cross Site Scripting XSS The module doesn't sufficiently sanitize the user input for...
SA-CONTRIB-2012-127 - Custom Publishing Options - Cross Site Scripting (XSS) Vulnerability
The Custom Publishing Options module allows you to create custom publishing options for nodes. It allows you to add to the default options of Publish, Promote to Front Page, and Sticky. It also ingrates with views to allow you add as a field, sort and filter by, your custom options. The module...
SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS)
Elegant Theme is a light weight Drupal 7 theme with a modern look and feel. The theme doesn't properly sanitize user-entered content in the 3 slide gallery on the homepage leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker would have ...
SA-CONTRIB-2012-122 - Better Revisions - Cross Site Scripting (XSS)
The Better Revisions module changes the built-in revision log text area to a customizable select list with an optional description field. It also allows an administrator to make the list and/or description field required. The module doesn't sufficiently validate strings entered in the...
SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Local File Inclusion and Cross Site Scripting (XSS)
The Chaos tool suite is primarily a set of APIs and tools to improve the developer experience. The module doesn't sufficiently validate css import statements to confirm they only include css content appropriate to show to end users. This could allow a malicious user to add sensitive content from...
SA-CONTRIB-2012-123 - Shibboleth authentication - Access Bypass
The Shibboleth authentication module provides user authentication with Shibboleth single sign-on systems both v1.3 and v2.0 as well as some authorization features automatic role assignment based on Shibboleth attributes. The module doesn't sufficiently confirm the user's active status in Drupal...
SA-CONTRIB-2012-124 - Mime Mail - Access Bypass
The MIME Mail module allows users to send MIME-encoded e-mail messages with embedded images and attachments. The module doesn't perform proper access checks, allowing a user to send arbitrary e.g. the settings.php files as attachments. In the latest version users must have the "send arbitrary...
SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS)
The Shorten URLs module provides an API to shorten URLs via many services like bit.ly and TinyURL, as well as a block and a page that provide an interface for easily shortening URLs. Cross Site Scripting via report The module doesn't sufficiently sanitize user input when displaying shortened URLs...
SA-CONTRIB-2012-119 - Excluded Users - Cross Site Scripting (XSS)
Excluded Users is a helper module which allows administrators to select users to not appear in user listings. The module displays a list of user names and email addresses without sanitizing them. In the event that someone manages to insert malicious code into a user name or email address, this...
SA-CONTRIB-2012-120 - Monthly Archive by Node Type - Access Bypass (unsupported)
This module generates a monthly archive and block for specified node types, as well as an archive and block for whichever collection of node types you specify. The module doesn't sufficiently ensure node access for sites that use a node access system. This vulnerability is mitigated by the fact...
SA-CONTRIB-2012-117 - Location - Access Bypass
The Location module allows real-world geographic locations to be associated with Drupal nodes, including people, places, and other content. The Location Search sub-module adds a search page for searching for locations. The Location Search module fails to enforce content and user access permission...
SA-CONTRIB-2012-118 - Secure Login - Open Redirect
Secure Login module enables the user login and other forms to be submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in clear text. In addition, Secure Login module by default redirects non-HTTPS GET requests for pages containing forms that i...
SA-CONTRIB-2012-115 - Gallery formatter - Cross Site Scripting (XSS)
Gallery formatter provides a field formatter for images that turns the fields into jQuery galleries. The module did not properly escape input from the user before printing it to the browser, allowing malicious users to inject script code into the page. This vulnerability is mitigated by the fact...
SA-CONTRIB-2012-116 - Subuser - Cross Site Request Forgery (CSRF) and Access Bypass
The Subuser module allows users to be given the permission to create subusers. The subusers may then be automatically assigned a role or roles. The parent user then has the ability to manage the subusers they have created. A parent user is allowed to assume the role of a subuser they created swit...
SA-CONTRIB-2012-114 - Campaign Monitor - Cross Site Scripting (XSS)
This module enables you to integrate Campaign Monitor into Drupal so you can give users the ability to subscribe and unsubscribe for your Campaign Monitor lists. The module doesn't sufficiently validate strings entered in the administration interface. This vulnerability is mitigated by the fact...
SA-CONTRIB-2012-111 - Security Questions - Access Bypass
This module provides administrator configurable challenge questions for use during the log in and password reset processes. The module doesn't perform a proper access check, allowing a users' questions and answers to be edited by other users including anonymous users. CVE: CVE-2012-4475 Versions...
SA-CONTRIB-2012-112 - Ubercart SecureTrading - Failure to follow guideline/specification
The Ubercart SecureTrading Payment Method module provides an Ubercart payment method for the SecureTrading.com gateway. The module's payment method did not properly verify the validity of payment notification information. A malicious user could trick a site into thinking that an item has been pai...
SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass
Drupal Commons is a ready-to-use solution for building either internal or external communities. The Drupal Commons feature a central module in the distribution includes a listing of recent comments on discussions. This listing of comments is powered by a view that doesn't fully enforce node acces...
SA-CONTRIB-2012-107 - Search autocomplete - Access bypass
This module allows you to add autocomplete functionality to virtually any fields of a Drupal site. The module doesn't sufficiently protect access to the module admin page. This vulnerability is mitigated by the fact that the user can only access the page, disable an autocompletion or change...
SA-CONTRIB-2012-106 - Listhandler - Access Bypass
Listhandler is a module that marries mailing list discussions and Drupal forums. The module doesn't sufficiently check the permissions of comment authors when importing emails. CVE: CVE-2012-4470 Versions affected All Listhandler 6.x-1.x versions. Drupal core is not affected. If you do not use th...
SA-CONTRIB-2012-108 - Drag & Drop Gallery - Arbitrary PHP code execution
Important note: Most of the vulnerabilities discussed below can be exploited when the Drag & Drop Gallery module is disabled on a Drupal site. See Solution below for details. The Drag & Drop Gallery creates a gallery node type that allows you add images to the gallery by dragging and dropping...
SA-CONTRIB-2012-109 - Restrict node page view - Access bypass
This module enables you to disable direct access to node pages node/XXX based on nodetypes and permissions. The module issues a NODEACCESSALLOW if it's permissions are met, but does not respect the "administer nodes" or "access own unpublished content" permissions. The consequence is that this...
SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)
Colorbox Node gives the user the ability to display ANY page inside a colorbox modal without the header and footer. The module accepts some settings from URL parameters and didn't sufficiently validate them before printing them to the browser, allowing malicious users to inject script code into t...
SA-CONTRIB-2012-105 - Hashcash - Cross Site Scripting (XSS)
The Hashcash project is an implementation of a Proof Of Work POW or Puzzle scheme where users of a service have to do computational work to have their request granted. In the case of the Drupal Hashcash project, the service is 'form submission' and the Proof Of Work is a token that causes a parti...
SA-CONTRIB-2012-104 - Privatemsg - Cross Site Scripting (XSS)
The Privatemsg module allows users to send private messages between to each other. The module doesn't sufficiently sanitize user names when creating messages. This vulnerability is mitigated by the fact that it is not possible to create insecure user names through the default user interface. The...
SA-CONTRIB-2012-100 - SimpleMeta - Cross Site Request Forgery (CSRF)
The Simple Meta module provides a method to set meta tags, such as page title, description and keywords for nodes, views and other pages. The module doesn't sufficiently confirm user intent when adding and deleting meta tag entries allowing a malicious user to trick a site admin into deleting...
SA-CONTRIB-2012-098 - Janrain Capture - Open Redirect
This module allows for authentication through the cloud user-management platform Janrain Capture. Part of the module exposes an endpoint to re-synchronize user data between Drupal and Capture and allows for passing an optional parameter to redirect the user back to an original location. This...
SA-CONTRIB-2012-099 - Node Hierarchy - Cross Site Request Forgery (CSRF)
Node Hierarchy module allows for the creation of parent child relationships among nodes that can create a tree-like hierarchy of content. The module doesn't sufficiently confirm user intent when reordering children nodes allowing a malicious user to trick a site admin to changing the desired...
SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID
This module enables you to replace the default Ubercart shopping cart block with an AJAX-enabled one. The module includes the user's current session ID in one of its JavaScript settings keys on every page load which could be intercepted if the user's connection is not over SSL. This vulnerability...
SA-CONTRIB-2012-101 - Protected Node - Access Bypass
The Protected Node module enables users to use a password to restrict access to an individual node or all nodes of a node type. The module doesn't sufficiently protect node access when nodes are accessed outside of the standard node view i.e. node/1 is protected but other lists are not. CVE:...
SA-CONTRIB-2012-103 - Global Redirect - Open Redirect
This module improves SEO and usability of a site by redirecting visitors to user-friendly and search-engine-friendly URLs. The module does not sufficiently validate that a destination URL is internal to the site, allowing an attacker to disguise a malicious destination address as a query paramete...
SA-CONTRIB-2012-092 - Organic Groups - Cross Site Scripting (XSS) and Access Bypass
The Organic Groups module enables users to create and manage their own 'groups'. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. Cross Site Scripting The module doesn't sufficiently filter user supplied text when used in connectio...
SA-CONTRIB-2012-096 - Authoring HTML - Cross Site Scripting (XSS)
This module creates an input format suitable for use within a WYSIWYG editor. It adds support for the iframe HTML tag, making it friendly with the popular iframe embeds available in popular video sites like YouTube and Vimeo. It supports the script tag too. Both tags will only be allowed if the...
SA-CONTRIB-2012-091 - Token Authentication - Access bypass
The Token Authentication module provides a token for use in the URL to authenticate users to a site. Under certain uncommon situations, the module may not revert a user's session properly. Depending on how tokenauth is used, this could result in subsequent requests being performed as a user with...
SA-CONTRIB-2012-097 - Protest - Cross Site Scripting (XSS)
Protest allows websites to display a complete page blackout website protest. The module contains a cross site scripting XSS vulnerability as it fails to sanitize user input before display. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administe...