2 results (0.001 seconds)

CVSS: 4.0EPSS: 0%CPEs: 22EXPL: 0

Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries. Drupal v6.x anteriores a v6.x-2.6, un modulo de Drupal, permite a usuarios autenticados evitar las restricciones de acceso y (1) leer contenido sin publicar de usuarios anónimos cuando una vista esta configurada para mostrar contenido, y (2) leer contenido privado en peticiones generadas. • http://drupal.org/node/488068 http://drupal.org/node/488082 http://secunia.com/advisories/35425 http://www.securityfocus.com/bid/35304 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. Nodequeue v5.x anteriores a v5.x-2.7 y v6.x anteriores a v6.x-2.2, un modulo para Drupal, nos restringe adecuadamente cuando se visualizan los títulos de nodo, lo que tiene un impacto y vectores desconocidos. • http://drupal.org/node/488092 http://drupal.org/node/488102 http://drupal.org/node/488104 http://secunia.com/advisories/35424 http://www.securityfocus.com/bid/35305 • CWE-264: Permissions, Privileges, and Access Controls •