Search Results
- Results Type: Overview
- Keyword (text search): Drupal
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-4595 | The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page. Published: June 09, 2014; 3:55:09 PM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-4596 | The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. Published: June 02, 2014; 11:55:10 AM -0400 | V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2014-3933 | Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field. Published: June 02, 2014; 10:55:03 AM -0400 | V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-4178 | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP). Published: May 29, 2014; 10:19:07 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-4177 | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors. Published: May 29, 2014; 10:19:07 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-4598 | The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. Published: May 27, 2014; 10:55:10 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-4380 | Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings. Published: May 20, 2014; 10:55:04 AM -0400 | V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-4406 | The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab. Published: May 19, 2014; 10:55:07 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-4498 | The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content. Published: May 17, 2014; 4:55:02 PM -0400 | V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-3453 | Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page. Published: May 17, 2014; 3:55:03 PM -0400 | V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2013-4552 | lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie. Published: May 13, 2014; 11:55:04 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4503 | Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to options. Published: May 13, 2014; 11:55:04 AM -0400 | V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-4502 | The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file. Published: May 13, 2014; 11:55:04 AM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-4501 | The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors. Published: May 13, 2014; 11:55:04 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-4500 | The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delete option. Published: May 13, 2014; 11:55:04 AM -0400 | V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7302 | Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID. Published: April 29, 2014; 10:38:49 AM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-7066 | The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. Published: April 29, 2014; 10:38:43 AM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-7068 | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. Published: April 29, 2014; 10:38:43 AM -0400 | V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2013-7065 | The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. Published: April 29, 2014; 10:38:43 AM -0400 | V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-7064 | Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values. Published: April 29, 2014; 10:38:43 AM -0400 | V3.x:(not available) V2.0: 2.1 LOW |