Page 11 of 402 results (0.015 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API. Vulnerabilidad CSRF en el módulo Click2Sell Suite v6.x-1.x para Drupal permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que eliminen información de la base de datos a través de vectores que involucran la API Drupal Form. • http://osvdb.org/97203 http://seclists.org/fulldisclosure/2013/Sep/64 http://www.openwall.com/lists/oss-security/2013/10/21/5 https://drupal.org/node/2087055 https://exchange.xforce.ibmcloud.com/vulnerabilities/87052 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 2.1EPSS: 0%CPEs: 27EXPL: 1

Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. Vulnerabilidad Cross-site scripting (XSS) en la función password_policy_admin_view en password_policy.admin.inc en el módulo Password Policy v6.x-1.x anterior a v6.x-1.6 y v7.x-1.x anterior a v7.x-1.5 para Drupal, lo que permite a usuarios remotos autenticados con el permiso "Administer policies" inyectar secuencias de comandos web o HTML arbitrarias a través del campo "Password Expiration Warning" en la página admin/config/people/password_policy/add. • http://www.madirish.net/557 http://www.openwall.com/lists/oss-security/2013/08/22/2 http://www.securityfocus.com/bid/61780 https://drupal.org/node/2065241 https://drupal.org/node/2065387 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts. El módulo Login Security v6.x-1.x anterior a v6.x-1.3 y v7.x-1.x anterior a v7.x-1.3 para Drupal, cuando se utiliza la opción de retraso de inicio de sesión, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un gran número de intentos de conexión fallidos. • http://www.openwall.com/lists/oss-security/2013/06/20/3 https://drupal.org/node/2023503 https://drupal.org/node/2023507 https://drupal.org/node/2023585 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. El módulo Fast Permissions Administration v6.x-2.x anterior a v6.x-2.5 y v7.x-2.x anterior a v7.x-2.3 para Drupal no restringe adecuadamente el acceso a la función de llamada de modelo de contenidos lo que permite a atacantes remotos obtener acceso no especificado en el formulario de edición permisos. • http://www.openwall.com/lists/oss-security/2013/07/06/3 https://drupal.org/node/2028417 https://drupal.org/node/2028421 https://drupal.org/node/2028813 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 29EXPL: 0

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors. El módulo de acceso de referencia al usuario Node 6.x-3.x anteior a 6.x-3.5 y 7.x-3.x anteior a 7.x-3.10 para Drupal no restringe adecuadamente el acceso al contenido que contiene un campo de referencia al usuario cuando el autor actualiza o elimina permisos y la cuenta de dicho autor es eliminada, lo que permite a atacantes remotos modificar el contenido a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2013/05/29/9 https://drupal.org/node/2007072 https://drupal.org/node/2007078 https://drupal.org/node/2007122 • CWE-264: Permissions, Privileges, and Access Controls •