2 results (0.003 seconds)

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0

The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors. El módulo Monthly Archive de Node Type v6.x para Drupal no comprueba correctamente permisos definidos por los módulos node_access, lo que permite a atacantes remotos acceder a los nodos restringidos a través de vectores no especificados. • http://drupal.org/node/1708198 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/54768 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. La función week_post_page en Weekly Archive para el módulo Node Type v6.x anteriores v6.x-2.7 para Drupal no implementa de forma adecuada las restricciones de acceso al nodo cuando construyen preguntas SQL, lo que permite a atacantes remotos para leer listados de nodo restringidos a través de vectores no especificados. • http://drupal.org/node/723776 http://drupal.org/node/724286 http://osvdb.org/62565 http://secunia.com/advisories/38717 http://www.securityfocus.com/bid/38397 https://exchange.xforce.ibmcloud.com/vulnerabilities/56504 • CWE-264: Permissions, Privileges, and Access Controls •