CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2015-5515
https://notcve.org/view.php?id=CVE-2015-5515
The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. Vulnerabilidad en el módulo Views Bulk Operations (VBO) 6.x-1.x y 7.x-3.x en versiones anteriores a 7.x-3.3 para Drupal, cuando la operación bulk para cambiar Roles está habilitada, permite a usuarios remotos autenticados editar cuentas de usuario y añadir roles arbtrarios a las cuentas aprovechando el acceso a una vista de un listado de cuentas de usuario con VBO habilitado. • http://www.openwall.com/lists/oss-security/2015/07/04/4 http://www.securityfocus.com/bid/75547 https://www.drupal.org/node/2516680 https://www.drupal.org/node/2516688 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2010-5277
https://notcve.org/view.php?id=CVE-2010-5277
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors. Vulnerabilidad no especificada en el módulo Views Bulk Operations v6 antes de v6.x-1.10 para Drupal, permite a usuarios remotos autenticados con permisos de administración de usuario evitar restricciones de acceso y eliminar usuarios anónimos (usuarios 0) a través de vectores no especificados. • http://drupal.org/node/933596 http://drupal.org/node/933960 http://secunia.com/advisories/41696 http://www.securityfocus.com/bid/43813 https://exchange.xforce.ibmcloud.com/vulnerabilities/62316 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2009-2237
https://notcve.org/view.php?id=CVE-2009-2237
Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions). Vulnerabilidad no especificada en Views Bulk Operations 5.x-1.x antes de 5.x-1.4 y 6.x-1.x ante de 6.x-1.7, un modulo para Drupal, permite a atacantes remotos evitar las restricciones de acceso previstas y modificar "nodos o clases de nodos" mediante vectores desconocidos, probablemente relacionado con procedimientos registrados (alias acciones). • http://drupal.org/node/468450 http://secunia.com/advisories/35117 http://www.securityfocus.com/bid/35051 https://exchange.xforce.ibmcloud.com/vulnerabilities/50659 •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2009-0575
https://notcve.org/view.php?id=CVE-2009-0575
Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función theme_views_bulk_operations_confirmation en views_bulk_operations.module en Views Bulk Operations v5.x anteriores a v5.x-1.3 y v6.x anteriores a v6.x-1.4, un módulo para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados relacionados con los títulos de nodo. • http://drupal.org/node/369223 http://osvdb.org/51751 http://secunia.com/advisories/33836 http://www.securityfocus.com/bid/33622 https://exchange.xforce.ibmcloud.com/vulnerabilities/48516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •