CVE-2014-1475
https://notcve.org/view.php?id=CVE-2014-1475
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. El módulo OpenID en Drupal v6.x anterior a v6.30 y v7.x anterior a v7.26 permite a usuarios OpenID remotos autenticarse como otros usuarios a través de vectores no especificados. • http://secunia.com/advisories/56260 http://secunia.com/advisories/56601 http://www.debian.org/security/2014/dsa-2847 http://www.debian.org/security/2014/dsa-2851 http://www.mandriva.com/security/advisories?name=MDVSA-2014:031 http://www.securityfocus.com/bid/64973 https://drupal.org/SA-CORE-2014-001 •
CVE-2014-1476
https://notcve.org/view.php?id=CVE-2014-1476
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page. El módulo Taxonomy en Drupal 7.x anteriores a 7.26, cuando es actualizado desde una versión anterior de Drupal, no restringe correctamente el acceso a contenido no publicado, lo cual permite a usuarios no autenticados obtener información sensible a través de una página de listado. • http://secunia.com/advisories/56260 http://www.debian.org/security/2014/dsa-2847 http://www.mandriva.com/security/advisories?name=MDVSA-2014:031 http://www.securityfocus.com/bid/64973 https://drupal.org/SA-CORE-2014-001 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0205
https://notcve.org/view.php?id=CVE-2013-0205
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo RESTful Web Services (restws) v7.x-1.x anterior a v7.x-1.2 y v7.x-2.x anterior a v7.x-2.0-alpha4 para Drupal, permite a atacantes remotos secuestrar la autenticación de usuarios de su elección a traves de vectores desconocidos. • http://www.openwall.com/lists/oss-security/2013/01/21/5 https://drupal.org/node/1890212 https://drupal.org/node/1890216 https://drupal.org/node/1890222 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2012-4554 – Drupal OpenID External Entity Injection
https://notcve.org/view.php?id=CVE-2012-4554
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. El módulo OpenID en Drupal v7.x antes de v7.16 permite a servidores OpenID remotos leer archivos arbitrarios mediante una declaración DOCTYPE manipulada en un archivo XRDS. • http://drupal.org/node/1815912 http://drupalcode.org/project/drupal.git/commit/b912710 http://www.openwall.com/lists/oss-security/2012/10/29/4 http://www.openwall.com/lists/oss-security/2012/10/30/5 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-4553
https://notcve.org/view.php?id=CVE-2012-4553
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." Drupal v7.x antes de v7.16 permite a atacantes remotos obtener información sensible y posiblemente reinstalar Drupal y ejecutar código PHP arbitrario a través de un servidor de base de datos externa, relacionado con "las condiciones transitorias". • http://drupal.org/node/1815904 http://drupal.org/node/1815912 http://drupalcode.org/project/drupal.git/commit/b912710 http://www.openwall.com/lists/oss-security/2012/10/29/4 http://www.openwall.com/lists/oss-security/2012/10/30/5 • CWE-264: Permissions, Privileges, and Access Controls •