User: Password:
Subscribe / Log in / New account

drupal7: multiple vulnerabilities

Package(s):drupal7 CVE #(s):CVE-2014-1475 CVE-2014-1476
Created:January 21, 2014 Updated:February 17, 2014
Description: From the Debian advisory:

CVE-2014-1475: Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

CVE-2014-1476: Matt Vance and Damien Tournoud reported an access bypass vulnerability in the taxonomy module. Under certain circumstances, unpublished content can appear on listing pages provided by the taxonomy module and will be visible to users who should not have permission to see it.

Mageia MGASA-2014-0031 drupal 2014-01-31
Fedora FEDORA-2014-0980 drupal6 2014-01-25
Fedora FEDORA-2014-0999 drupal6 2014-01-25
Fedora FEDORA-2014-0983 drupal7 2014-01-25
Fedora FEDORA-2014-1015 drupal7 2014-01-25
Debian DSA-2847-1 drupal7 2014-01-20
Mandriva MDVSA-2014:031 drupal 2014-02-14
Debian DSA-2851-1 drupal6 2014-02-02

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds