Download
| Alert*
oval:org.secpod.oval:def:107296
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:107287 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:107345 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:107383 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:107772 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:109264 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:109265 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:602214 Several vulnerabilities were discovered in Drupal, a content management framework: CVE-2015-6658 The form autocomplete functionality did not properly sanitize the requested URL, allowing remote attackers to perform a cross-site scripting attack. CVE-2015-6659 The SQL comment filtering system could a ... oval:org.secpod.oval:def:109490 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:109496 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:109498 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:109489 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:601274 An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other u ... oval:org.secpod.oval:def:601275 An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other u ... oval:org.secpod.oval:def:601744 A denial of service vulnerability was discovered in Drupal, a fully-featured content management framework. A remote attacker could exploit this flaw to cause CPU and memory exhaustion and the site"s database to reach the maximum number of open connections, leading to the site becoming unavailable or ... oval:org.secpod.oval:def:111649 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:116194 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:116191 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:114274 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:114273 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:53309 A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-004 oval:org.secpod.oval:def:1900387 Drupal core 7.x versions before 7.57 when using Drupal"s private filesystem, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is ... oval:org.secpod.oval:def:114354 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:114348 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:1900449 Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external s ... oval:org.secpod.oval:def:1900445 Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.check Plain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML . This function does not correctly handle all methods of injecting malicious HTML, leading to across-sit ... oval:org.secpod.oval:def:1900456 A jQuery cross site scripting vulnerability is present when making Ajaxrequests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core ... oval:org.secpod.oval:def:53079 Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to ... oval:org.secpod.oval:def:1900858 The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. oval:org.secpod.oval:def:1900897 Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. oval:org.secpod.oval:def:1901322 The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form. oval:org.secpod.oval:def:116573 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:116571 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:116570 Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure. oval:org.secpod.oval:def:54508 A cross-site scripting vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-006 . |