Page 20 of 195 results (0.005 seconds)

CVSS: 6.8EPSS: 0%CPEs: 31EXPL: 0

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." Drupal v7.x antes de v7.16 permite a atacantes remotos obtener información sensible y posiblemente reinstalar Drupal y ejecutar código PHP arbitrario a través de un servidor de base de datos externa, relacionado con "las condiciones transitorias". • http://drupal.org/node/1815904 http://drupal.org/node/1815912 http://drupalcode.org/project/drupal.git/commit/b912710 http://www.openwall.com/lists/oss-security/2012/10/29/4 http://www.openwall.com/lists/oss-security/2012/10/30/5 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 30EXPL: 0

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page. Drupal 7.x anterior a 7.14 no restringe el acceso de forma adecuada a nodos en un listado cuando es usado "contributed node access module", lo que permite a usuarios autenticados de forma remota con "Acceso al contenido de la página" con permiso de lectura de nodos publicados accediendo a la página admin/content. • http://drupal.org/drupal-7.14 http://drupal.org/node/1557938 http://drupal.org/node/1558478 http://drupalcode.org/project/drupal.git/commit/c6d2b8311b82fe78d18732f01a68ceca3dea50af http://secunia.com/advisories/49012 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.securityfocus.com/bid/53362 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 79EXPL: 2

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. La función request_path en includes/bootstrap.inc en Drupal v7.14 y anteriores, permite a atacantes remotos obtener información sensible a través del parámetro q[] sobre index.php, lo que revela el path de instalación en un mensaje de error. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0052.html http://archives.neohapsis.com/archives/bugtraq/2012-05/0053.html http://archives.neohapsis.com/archives/bugtraq/2012-05/0055.html http://osvdb.org/81817 http://secunia.com/advisories/49131 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.openwall.com/lists/oss-security/2012/08/02/8 http://www.securityfocus.com/bid/53454 https://exchange.xforce.ibmcloud.com/vulnerabilities/75531 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 1%CPEs: 30EXPL: 0

Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address. Vulnerabilidad de complejidad algorítmica en la función _filter_url en el sistema de filtrado de texto (modules/filter/filter.module) en Drupal v7.x anterior a v7.4 permite a usuarios remotos autenticados con ciertos roles generar una denegación de servicio (consumo de CPU) a través de una dirección de correo electrónico larga. • http://drupal.org/drupal-7.14 http://drupal.org/node/1557938 http://drupal.org/node/1558468 http://drupalcode.org/project/drupal.git/commit/db79496ae983447506f016a20738c3d7e5d059fa http://secunia.com/advisories/49012 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.securityfocus.com/bid/53368 • CWE-399: Resource Management Errors •

CVSS: 5.8EPSS: 0%CPEs: 29EXPL: 0

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. Vulnerabilidad de redirección abierta en Form API en Drupal v7.x antes de v7.13 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de parámetros modificados en una dirección URL de destino. • http://drupal.org/node/1557938 http://jvn.jp/en/jp/JVN45898075/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000045 http://osvdb.org/81679 http://secunia.com/advisories/49012 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.securityfocus.com/bid/53365 • CWE-20: Improper Input Validation •