Page 2 of 7 results (0.002 seconds)

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. El módulo Commons Wikis anterior a v7.x-3.1 para Drupal, como se utiliza en el módulo Commons anterior a v7.x-3.1, no restringe correctamente el acceso a grupos, lo que permite a ataques remotos poner contenido arbitrario a grupos mediante vectores no especificados. • http://osvdb.org/91747 http://packetstormsecurity.com/files/120995/Drupal-Common-Wikis-7.x-Access-Bypass-Privilege-Escalation.html http://seclists.org/fulldisclosure/2013/Mar/244 http://secunia.com/advisories/52766 http://secunia.com/advisories/52795 https://drupal.org/node/1954766 https://drupal.org/node/1954768 https://drupal.org/node/1954948 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. La función commons_discussion_views_default_views en modules/features/modules commons_discussion/commons_discussion.views_default.inc en el módulo Drupal Commons v6.x-2.x antes de v6.x-2.8 para Drupal no aplica correctamente las restricciones de acceso del nodo, lo que podría permitir a atacantes remotos obtener información sensible a través de la lista de comentarios recientes. • http://drupal.org/node/1679820 http://drupal.org/node/1679908 http://drupalcode.org/project/commons.git/commitdiff/8ef688b http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 • CWE-264: Permissions, Privileges, and Access Controls •