厂商或团体 drupal 的搜索结果 (300)

CVE-2016-3171(发布:2016-04-12 11:59:08)NM
CVSS6.8

[原文]Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.

CVE-2016-3170(发布:2016-04-12 11:59:07)NM
CVSS5.0

[原文]The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in.

CVE-2016-3169(发布:2016-04-12 11:59:06)NM
CVSS6.8

[原文]The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.

CVE-2016-3168(发布:2016-04-12 11:59:05)NM
CVSS8.5

[原文]The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."

CVE-2016-3166(发布:2016-04-12 11:59:04)NM
CVSS4.3

[原文]CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers.

CVE-2016-3167(发布:2016-04-12 11:59:04)NM
CVSS6.4

[原文]Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.

12345678下一页尾页 第1页 / 共50页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站