NotCVE - vendor:"Drupal" product:"Drupal" version:"7.21"

Page 7 of 71 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 45EXPL: 0

CVE-2014-5022 – Mandriva Linux Security Advisory 2015-181

https://notcve.org/view.php?id=CVE-2014-5022

22 Jul 2014 — Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field. Vulnerabilidad de XSS en el sistema Ajax en Drupal 7.x anterior a 7.29 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores involucrando formas con un campo de texto habilitado por Ajax y un campo de fichero. Updated drupal packages fi... • http://www.debian.org/security/2014/dsa-2983 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 86EXPL: 0

CVE-2014-5019 – Mandriva Linux Security Advisory 2015-181

https://notcve.org/view.php?id=CVE-2014-5019

22 Jul 2014 — The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use. La funcionalidad múltisitios en Drupal 6.x anterior a 6.32 y 7.x anterior a 7.29 permite a atacantes remotos causar una denegación de servicio a través de una cabecera HTTP Host manipulada, relacionado con determinar qué fichero de configuración utilizar. Updated drupal packages fix multiple security v... • http://www.debian.org/security/2014/dsa-2983 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2014-2983 – Debian Security Advisory 2913-1

https://notcve.org/view.php?id=CVE-2014-2983

23 Apr 2014 — Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors. Drupal 6.x anterior a 6.31 y 7.x anterior a 7.27 no aísla debidamente los datos en caché de usuarios anónimos diferentes, lo que permite a usuarios remotos anónimos obtener información sensible de entradas de formularios parciales en situaciones oportunista... • http://www.debian.org/security/2014/dsa-2913 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0

CVE-2014-1476 – Debian Security Advisory 2847-1

https://notcve.org/view.php?id=CVE-2014-1476

21 Jan 2014 — The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page. El módulo Taxonomy en Drupal 7.x anteriores a 7.26, cuando es actualizado desde una versión anterior de Drupal, no restringe correctamente el acceso a contenido no publicado, lo cual permite a usuarios no autenticados obtener información sensible a través de una pág... • http://secunia.com/advisories/56260 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.8EPSS: 0%CPEs: 68EXPL: 0

CVE-2014-1475 – Debian Security Advisory 2847-1

https://notcve.org/view.php?id=CVE-2014-1475

21 Jan 2014 — The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. El módulo OpenID en Drupal v6.x anterior a v6.30 y v7.x anterior a v7.26 permite a usuarios OpenID remotos autenticarse como otros usuarios a través de vectores no especificados. The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. The Taxonomy module in Drupal 7.x befor... • http://secunia.com/advisories/56260 •

CVSS: 8.8EPSS: 5%CPEs: 78EXPL: 0

CVE-2013-6385 – Debian Security Advisory 2828-1

https://notcve.org/view.php?id=CVE-2013-6385

27 Nov 2013 — The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via application-specific vectors. La API de formularios en Drupal 6.x anteriores a 6.29 y 7.x anteriores a 7.24, cuando es utilizada con módulos no especificados de terceros, ejecuta validación del formulario incluso cuando la valida... • http://secunia.com/advisories/56148 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 40EXPL: 0

CVE-2013-6389 – Mandriva Linux Security Advisory 2013-287-1

https://notcve.org/view.php?id=CVE-2013-6389

27 Nov 2013 — Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el módulo Overlay de Drupal 7.x anterior a la versión 7.24 permite a atacantes remotos redirigir a usuarios hacia sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados. Drupal core's Image module allows for the on-demand generation o... • http://www.debian.org/security/2013/dsa-2804 • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 40EXPL: 0

CVE-2013-6387 – Mandriva Linux Security Advisory 2013-287-1

https://notcve.org/view.php?id=CVE-2013-6387

27 Nov 2013 — Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. Vulnerabilidad de cross-site scripting (XSS) en el módulo Image en Drupal 7.x anteriores a 7.24 permite a usuarios autenticados remotamente con ciertos permisos inyectar scripts web o HTML arbitrarios a través del campo de descripción. Drupal core's Image module allows for the on-demand generation o... • http://www.debian.org/security/2013/dsa-2804 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.1EPSS: 0%CPEs: 78EXPL: 0

CVE-2013-6386 – Debian Security Advisory 2828-1

https://notcve.org/view.php?id=CVE-2013-6386

27 Nov 2013 — Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack. Drupal 6.x anteriores a 6.29 y 7.x anteriores a 7.24 utilizan la función de PHP mt_rand para generar números aleatorios, la cual usa semillas predecibles y permite a atacantes remotos predecir cadenas de seguridad y sortear restricciones intencionadas a través de ata... • http://secunia.com/advisories/56148 • CWE-310: Cryptographic Issues •

CVSS: 6.1EPSS: 0%CPEs: 40EXPL: 0

CVE-2013-6388 – Mandriva Linux Security Advisory 2013-287-1

https://notcve.org/view.php?id=CVE-2013-6388

27 Nov 2013 — Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. Vulnerabilidad de cross-site scripting (XSS) en el módulo Color en Drupal 7.x anteriores a 7.24 permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través de vectores relacionados con CSS. Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requestin... • http://www.debian.org/security/2013/dsa-2804 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...5 6 7 8