Page 29 of 194 results (0.016 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." Vulnerabilidad de Falsificación de petición en sitios cruzados (CSRF) en versiones de Drupal 5.x anteriores a 5.8 y 6.X anteriores a 6.3 permite a atacantes remotos realizar acciones administrativas a través de vectores que impliquen la supresión de "cadenas traducidas". • http://drupal.org/node/280571 http://secunia.com/advisories/31079 http://www.openwall.com/lists/oss-security/2008/07/10/3 http://www.securityfocus.com/bid/30168 https://bugzilla.redhat.com/show_bug.cgi?id=454849 https://exchange.xforce.ibmcloud.com/vulnerabilities/43702 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html https://www.redhat.com/archives/fedora-package-announce& • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. Vulnerabilidad de Falsificación de petición en sitios cruzados (CSRF) en versiones de Drupal 6.X anteriores a 6.3 permite a atacantes remotos realizar acciones administrativas a través de vectores que impliquen la supresión de identidades OpenID. • http://drupal.org/node/280571 http://secunia.com/advisories/31079 http://www.openwall.com/lists/oss-security/2008/07/10/3 http://www.securityfocus.com/bid/30168 https://bugzilla.redhat.com/show_bug.cgi?id=454849 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. Una vulnerabilidad de fijación de sesión en Drupal versiones 5.x anteriores a 5.9 y versiones 6.x anteriores a 6.3, cuando los módulos aportados "terminate the current request during a login event", permite a los atacantes remotos secuestrar sesiones web por medio de vectores desconocidos. • http://drupal.org/node/280571 http://drupal.org/node/286417 http://secunia.com/advisories/31079 http://secunia.com/advisories/31211 http://www.openwall.com/lists/oss-security/2008/07/10/3 http://www.securityfocus.com/bid/30168 http://www.securityfocus.com/bid/30359 https://bugzilla.redhat.com/show_bug.cgi?id=454849 https://exchange.xforce.ibmcloud.com/vulnerabilities/43706 https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html https://www.red • CWE-384: Session Fixation •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0

Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en el módulo Aggregation 5.x versiones anteriores a 5.x-4.4 módulo Aggregation permiten a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://drupal.org/node/269479 http://secunia.com/advisories/30618 http://www.securityfocus.com/bid/29677 https://exchange.xforce.ibmcloud.com/vulnerabilities/43010 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el módulo Aggregation 5.x versiones anteriores a 5.x-4.4 para Drupal permiten a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados. • http://drupal.org/node/269479 http://secunia.com/advisories/30618 http://www.securityfocus.com/bid/29677 https://exchange.xforce.ibmcloud.com/vulnerabilities/43008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •