Page 16 of 82 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." Vulnerabilidad de Falsificación de petición en sitios cruzados (CSRF) en versiones de Drupal 5.x anteriores a 5.8 y 6.X anteriores a 6.3 permite a atacantes remotos realizar acciones administrativas a través de vectores que impliquen la supresión de "cadenas traducidas". • http://drupal.org/node/280571 http://secunia.com/advisories/31079 http://www.openwall.com/lists/oss-security/2008/07/10/3 http://www.securityfocus.com/bid/30168 https://bugzilla.redhat.com/show_bug.cgi?id=454849 https://exchange.xforce.ibmcloud.com/vulnerabilities/43702 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html https://www.redhat.com/archives/fedora-package-announce& • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. Vulnerabilidad de Falsificación de petición en sitios cruzados (CSRF) en versiones de Drupal 6.X anteriores a 6.3 permite a atacantes remotos realizar acciones administrativas a través de vectores que impliquen la supresión de identidades OpenID. • http://drupal.org/node/280571 http://secunia.com/advisories/31079 http://www.openwall.com/lists/oss-security/2008/07/10/3 http://www.securityfocus.com/bid/30168 https://bugzilla.redhat.com/show_bug.cgi?id=454849 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. Una vulnerabilidad de fijación de sesión en Drupal versiones 5.x anteriores a 5.9 y versiones 6.x anteriores a 6.3, cuando los módulos aportados "terminate the current request during a login event", permite a los atacantes remotos secuestrar sesiones web por medio de vectores desconocidos. • http://drupal.org/node/280571 http://drupal.org/node/286417 http://secunia.com/advisories/31079 http://secunia.com/advisories/31211 http://www.openwall.com/lists/oss-security/2008/07/10/3 http://www.securityfocus.com/bid/30168 http://www.securityfocus.com/bid/30359 https://bugzilla.redhat.com/show_bug.cgi?id=454849 https://exchange.xforce.ibmcloud.com/vulnerabilities/43706 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html https://www.red • CWE-384: Session Fixation •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. El módulo Node Hierarchy 5.x anterior a 5.x-1.1 y 6.x anteriores a 6.x-1.0 para Drupal no implementa adecuadamente los controles de acceso, lo que permite a atacantes remotos con permiso de "acceso al contenido", evitar las restricciones y modificar la jerarquía a través de vectores de ataque indeterminados. • http://drupal.org/node/269473 http://secunia.com/advisories/30622 http://www.securityfocus.com/bid/29675 https://exchange.xforce.ibmcloud.com/vulnerabilities/43006 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types. El menú de sistema en Drupal 6 anterior a 6.2 tiene configuraciones de menu incorrectas, que permiten a atacantes remotos (1) editar las páginas de perfil de usuarios a su elección, y obtener información sensible del (2) rastreador y (3) páginas de blog, relacionados con falta de comprobaciones de los permisos de "acceso a contenidos"; y (4) permite autenticación de usuarios remotos, con acceso a página de administración, para editar tipos de contenidos. • http://drupal.org/node/244637 http://secunia.com/advisories/29762 http://www.osvdb.org/44270 http://www.securityfocus.com/bid/28714 http://www.vupen.com/english/advisories/2008/1185/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41755 •