Drupal Core – Multiple Vulnerabilities
Drupal 8.3.4 and Drupal 7.56 are maintenance releases which contain fixes for security vulnerabilities.
Description: This is a critical Drupal core vulnerability that allows access control to be bypassed.
Description: Drupal 8.2.7 is now available as a maintenance release which contains fixes for security vulnerabilities.
Description: Multiple vulnerabilities were recently addressed by the Drupal team. List: Inconsistent name for MySQL term access query – information on taxonomy terms might have been disclosed to unprivileged users; Incorrect cache context on password reset page – unwanted content on the password reset page; Confirmation forms allow external URLs to be injected – […]
Description: Multiple vulnerabilities were recently fixed by the Drupal team. Changes: Users who have rights to edit a node can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. An attacker could create a specially crafted URL, which could execute arbitrary code in the […]
Description: Drupal 8 uses the third-party PHP library Guzzle for making server-side HTTP requests. An attacker can provide a proxy server that Guzzle will use. The details of this are explained at https://httpoxy.org/. Affected versions: Drupal core 8.x versions prior to 8.1.7. Recommended action: Install the latest version: If you use Drupal 8.x, upgrade to […]
Description: There will be multiple releases of Drupal contributed modules on Wednesday July 13th 2016 16:00 UTC that will fix highly critical remote code execution vulnerabilities (risk scores up to 22/25). The following modules have security releases that are now available, listed in order of severity. There are no more releases planned for today. RESTWS […]
Description: Multiple vulnerabilities have been recently fixed in Drupal core: Saving user accounts can sometimes grant the user all roles (User module – Drupal 7). A vulnerability exists in the User module, where if some specific contributed or custom code triggers a rebuild of the user profile form, a registered user can be granted all […]
Multiple vulnerabilities were recently announced by the Drupal developers. Description summary: File upload access bypass and denial of service; Brute force amplification attacks via XML-RPC; Open redirect via path manipulation; Form API ignores access restrictions on submit buttons; HTTP header injection using line breaks; Open redirect via double-encoded ‘destination’ parameter; Reflected file download vulnerability […]