CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2016-6212
https://notcve.org/view.php?id=CVE-2016-6212
09 Sep 2016 — The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors. El módulo Views 7.x-3.x en versiones anteriores a 7.x-3.14 en Drupal 7.x y el módulo Views en Drupal 8.x en versiones anteriores a 8.1.3 podrían permitir a usuarios remotos autenticados eludir restricciones destinadas al acceso y obtener información de Statistic... • http://www.openwall.com/lists/oss-security/2016/07/13/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 94%CPEs: 21EXPL: 0CVE-2016-5385 – PHP: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5385
19 Jul 2016 — PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issu... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.4EPSS: 0%CPEs: 143EXPL: 0CVE-2016-3164
https://notcve.org/view.php?id=CVE-2016-3164
12 Apr 2016 — Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation. Drupal 6.x en versiones anteriores a 6.38, 7.x en versiones anteriores a 7.43 y 8.x en versiones anteriores a 8.0.4 podría permitir a atacantes remotos llevar a cabo ataques de redirección abierta aprovechando (1) código personalizado o (2) un formulario mostrado en un página de error 4... • http://www.debian.org/security/2016/dsa-3498 •
CVSS: 8.1EPSS: 0%CPEs: 63EXPL: 0CVE-2016-3162
https://notcve.org/view.php?id=CVE-2016-3162
12 Apr 2016 — The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. El módulo File en Drupal 7.x en versiones anteriores a 7.43 y 8.x en versiones anteriores a 8.0.4 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y leer, eliminar o sustituir un enlace a un arch... • http://www.debian.org/security/2016/dsa-3498 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 94EXPL: 0CVE-2016-3170
https://notcve.org/view.php?id=CVE-2016-3170
12 Apr 2016 — The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in. Los enlaces de "has olvidado tu contraseña" en el módulo User en Drupal 7.x en versiones anteriores a 7.43 y 8.x en versiones anteriores a 8.0.4 permiten a atacantes remotos obtener información sensible de nombre de usuario ... • http://www.debian.org/security/2016/dsa-3498 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •