Page 30 of 159 results (0.019 seconds)

CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 2

The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles. La interfaz de selección de nodos en el editor WYSIWYG (CKEditor) en Node Embed module v6.x-1.x anterior a v6.x-1.5 y v7.x-1.x, anterior a v7.x-1.0 para Drupal no comprueba correctamente los permisos y permite a atacantes remotos eludir restricciones de acceso y destinados a leer los títulos de los nodos. • http://drupal.org/node/1618428 http://drupal.org/node/1618430 http://drupal.org/node/1619824 http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c http://drupalcode.org/project/node_embed.git/commitdiff/d06f022 http://secunia.com/advisories/48348 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82735 http://www.securityfocus.com/bid/53835 https://exchange.xforce.ibmcloud.com/vulnerabilities/76148 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 1

Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. Una vulnerabilidad de falsificación de peticiones en sitios cruzados(CSRF) en el BrowserID (Mozilla Persona) Módulo v7.x-1.x anterior a v7.x-1.3 para Drupal permite a atacantes remotos secuestrar la autenticación de los usuarios arbitrarios para las solicitudes de ese inicio de sesión de un usuario a otro del sitio web. • http://drupal.org/node/1597414 http://drupalcode.org/project/browserid.git/commitdiff/5e5cdcd http://secunia.com/advisories/49227 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82466 http://www.securityfocus.com/bid/53673 https://drupal.org/node/1596464 https://exchange.xforce.ibmcloud.com/vulnerabilities/75869 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0

Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. Vulnerabilidad de redirección abierta en el módulo Global Redirect v6.x-1.x anteriores a v6.x-1.4 y v7.x-1.x anteriores a v7.x-1.4 para Drupal, cuando «non-clean to clean» está activado, permite a atacantes remotos redireccionar a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de de una URL en el parámetro q. • http://drupal.org/node/1633054 http://drupal.org/node/768244 http://secunia.com/advisories/49523 http://www.madirish.net/?article=460 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82959 http://www.securityfocus.com/bid/54002 https://drupal.org/node/1378116 https://drupal.org/node/1378118 https://exchange.xforce.ibmcloud.com/vulnerabilities/76293 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 79EXPL: 2

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. La función request_path en includes/bootstrap.inc en Drupal v7.14 y anteriores, permite a atacantes remotos obtener información sensible a través del parámetro q[] sobre index.php, lo que revela el path de instalación en un mensaje de error. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0052.html http://archives.neohapsis.com/archives/bugtraq/2012-05/0053.html http://archives.neohapsis.com/archives/bugtraq/2012-05/0055.html http://osvdb.org/81817 http://secunia.com/advisories/49131 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.openwall.com/lists/oss-security/2012/08/02/8 http://www.securityfocus.com/bid/53454 https://exchange.xforce.ibmcloud.com/vulnerabilities/75531 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 1%CPEs: 30EXPL: 0

Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address. Vulnerabilidad de complejidad algorítmica en la función _filter_url en el sistema de filtrado de texto (modules/filter/filter.module) en Drupal v7.x anterior a v7.4 permite a usuarios remotos autenticados con ciertos roles generar una denegación de servicio (consumo de CPU) a través de una dirección de correo electrónico larga. • http://drupal.org/drupal-7.14 http://drupal.org/node/1557938 http://drupal.org/node/1558468 http://drupalcode.org/project/drupal.git/commit/db79496ae983447506f016a20738c3d7e5d059fa http://secunia.com/advisories/49012 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.securityfocus.com/bid/53368 • CWE-399: Resource Management Errors •