CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1907
https://notcve.org/view.php?id=CVE-2013-1907
The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. El módulo Commons Group anterior a 7.x-3.1 para Drupal utilizado en el módulo Commons anterior a 7.x-3.1, no restringe adecuadamente el acceso a los grupos, lo que permite a atacantes remotos la publicación de contenido arbitrario a través de vectores no especificados. • http://osvdb.org/91748 http://packetstormsecurity.com/files/120991/Drupal-Common-Groups-7.x-Access-Bypass-Privilege-Escalation.html http://seclists.org/fulldisclosure/2013/Mar/242 http://secunia.com/advisories/52769 http://secunia.com/advisories/52795 https://drupal.org/node/1954762 https://drupal.org/node/1954764 https://drupal.org/node/1954948 https://exchange.xforce.ibmcloud.com/vulnerabilities/83133 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1908
https://notcve.org/view.php?id=CVE-2013-1908
The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. El módulo Commons Wikis anterior a v7.x-3.1 para Drupal, como se utiliza en el módulo Commons anterior a v7.x-3.1, no restringe correctamente el acceso a grupos, lo que permite a ataques remotos poner contenido arbitrario a grupos mediante vectores no especificados. • http://osvdb.org/91747 http://packetstormsecurity.com/files/120995/Drupal-Common-Wikis-7.x-Access-Bypass-Privilege-Escalation.html http://seclists.org/fulldisclosure/2013/Mar/244 http://secunia.com/advisories/52766 http://secunia.com/advisories/52795 https://drupal.org/node/1954766 https://drupal.org/node/1954768 https://drupal.org/node/1954948 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2012-4483
https://notcve.org/view.php?id=CVE-2012-4483
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. La función commons_discussion_views_default_views en modules/features/modules commons_discussion/commons_discussion.views_default.inc en el módulo Drupal Commons v6.x-2.x antes de v6.x-2.8 para Drupal no aplica correctamente las restricciones de acceso del nodo, lo que podría permitir a atacantes remotos obtener información sensible a través de la lista de comentarios recientes. • http://drupal.org/node/1679820 http://drupal.org/node/1679908 http://drupalcode.org/project/commons.git/commitdiff/8ef688b http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 • CWE-264: Permissions, Privileges, and Access Controls •