Search Results
- Results Type: Overview
- Keyword (text search): Drupal
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-8082 | The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules. Published: November 06, 2015; 4:59:15 PM -0500 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2015-8081 | The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block. Published: November 06, 2015; 4:59:13 PM -0500 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2015-7881 | The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment. Published: October 26, 2015; 10:59:11 AM -0400 | V3.x: (not available); V2.0: 3.5 LOW |
CVE-2015-7876 | The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. Published: October 21, 2015; 10:59:00 AM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2015-7307 | Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page. Published: September 21, 2015; 3:59:11 PM -0400 | V3.x: (not available); V2.0: 4.3 MEDIUM |
CVE-2015-7306 | The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission. Published: September 21, 2015; 3:59:10 PM -0400 | V3.x: (not available); V2.0: 4.9 MEDIUM |
CVE-2015-7305 | The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug context." Published: September 21, 2015; 3:59:09 PM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2015-7304 | Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. Published: September 21, 2015; 3:59:07 PM -0400 | V3.x: (not available); V2.0: 2.6 LOW |
CVE-2015-7234 | The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. Published: September 17, 2015; 12:59:13 PM -0400 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2015-7233 | Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors. Published: September 17, 2015; 12:59:12 PM -0400 | V3.x: (not available); V2.0: 5.1 MEDIUM |
CVE-2015-7232 | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 17, 2015; 12:59:11 PM -0400 | V3.x: (not available); V2.0: 2.6 LOW |
CVE-2015-7231 | The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb." Published: September 17, 2015; 12:59:10 PM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2015-7230 | The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node. Published: September 17, 2015; 12:59:09 PM -0400 | V3.x: (not available); V2.0: 3.5 LOW |
CVE-2015-7229 | The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission. Published: September 17, 2015; 12:59:08 PM -0400 | V3.x: (not available); V2.0: 3.5 LOW |
CVE-2015-7228 | The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensitive information via unspecified vectors. Published: September 17, 2015; 12:59:07 PM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2015-7227 | The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels. Published: September 17, 2015; 12:59:06 PM -0400 | V3.x: (not available); V2.0: 3.5 LOW |
CVE-2015-7226 | The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler. Published: September 17, 2015; 12:59:05 PM -0400 | V3.x: (not available); V2.0: 5.0 MEDIUM |
CVE-2015-6921 | Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors. Published: September 11, 2015; 4:59:03 PM -0400 | V3.x: (not available); V2.0: 2.6 LOW |
CVE-2015-6808 | Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. Published: September 04, 2015; 11:59:05 AM -0400 | V3.x: (not available); V2.0: 3.5 LOW |
CVE-2015-6807 | Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label. Published: September 04, 2015; 11:59:04 AM -0400 | V3.x: (not available); V2.0: 2.1 LOW |