Latest news module drupal hosting
* Advisory ID: DRUPAL-SA-CONTRIB-2017-045
* Project: Webform Multiple File Upload (third-party module)
* Version: 7.x
* Date: 2017-May-10
* Security risk: 10/25 ( Moderately Critical)
* Vulnerability: Access bypass
This module enables you to upload multiple files at once in a webform.
The module doesn't sufficiently check access to file deletion urls.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission to edit all or their own webform submissions.
Submitted by Drupion Support on 10 May 2017 11:15
* Advisory ID: DRUPAL-SA-CONTRIB-2017-046
* Project: Drupal Remote Dashboard (third-party module)
* Version: 8.x
* Date: 2017-May-10
* Security risk: 17/25 ( Critical)
* Vulnerability: Access bypass, Information Disclosure
This module enables you to remotely access remote Drupal sites to monitor and
manage them all from one central place.
Submitted by Drupion Support on 10 May 2017 11:15
* Advisory ID: DRUPAL-SA-CONTRIB-2017-047
* Project: DRD agent (third-party module)
* Version: 6.x, 7.x, 8.x
* Date: 2017-May-10
* Security risk: 19/25 ( Critical)
* Vulnerability: Cross Site Request Forgery, Open Redirect
The Drupal Remote Dashboard (DRD) module enables you to manage and monitor
any remote Drupal site and, this module, the DRD Agent is the remote module
which responds to requests from authorised DRD sites.
Submitted by Drupion Support on 10 May 2017 11:15
* Advisory ID: DRUPAL-SA-CONTRIB-2017-044
* Project: Media (third-party module)
* Version: 7.x
* Date: 2017-May-10
* Security risk: 16/25 ( Critical)
* Vulnerability: Information Disclosure, Arbitrary PHP code execution,
Multiple vulnerabilities
This module provides intuitive ways to manage large libraries of media,
insert or display or import various types of media either through fields or a
wysiwyg interface.
Submitted by Drupion Support on 10 May 2017 10:15
* Advisory ID: DRUPAL-SA-CONTRIB-2017-043
* Version: 7.x
* Date: 2017-May-03
* Security risk: 13/25 ( Moderately Critical)
* Vulnerability: Access bypass, Information Disclosure
This module enables you to login via Shibboleth.
The module doesn't sufficiently logout the user when the shib session
expires, which depending on the caching mechanism makes private data public.
Submitted by Drupion Support on 3 May 2017 09:45
* Advisory ID: DRUPAL-SA-CORE-2017-002
* Project: Drupal core
* Version: 8.x
* Date: 2017-April-19
* CVEID: CVE-2017-6919
* Security risk: 17/25 ( Critical)
* Vulnerability: Access bypass
This is a critical access bypass vulnerability. A site is only affected by
this is the following conditions are met:
Submitted by Drupion Support on 19 April 2017 15:15
* Advisory ID: DRUPAL-SA-CONTRIB-2014-041
* Project: Open Atrium Core (third-party module), OA Comment (third-party module)
* Version: 7.x
* Date: 2017-April-12
* Security risk: 11/25 ( Moderately Critical)
* Vulnerability: Information Disclosure
Submitted by Drupion Support on 12 April 2017 13:30
* Advisory ID: DRUPAL-SA-CONTRIB-2017-042
* Project: Media (third-party module)
* Date: 12-Apr-2017
The Media module provides an extensible framework for managing files and
multimedia assets, regardless of whether they are hosted on your own site or
a 3rd party site - it is commonly referred to as a 'file browser to the
internet'.
* Only the 1.x branch is affected. The 2.x branch does not have this
vulnerability.
Submitted by Drupion Support on 12 April 2017 13:30
* Advisory ID: DRUPAL-SA-CONTRIB-2017-39
* Project: Scheduler Workbench Integration (third-party module)
* Date: 12-Apr-2017
Provides integration between the Scheduler module and the Workbench
Moderation module.
The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. If
you would like to maintain this module, please read:
https://www.drupal.org/node/251466
Submitted by Drupion Support on 12 April 2017 12:30
* Advisory ID: DRUPAL-SA-CONTRIB-2017-040
* Project: @Base (third-party module)
* Date: 2017-April-12
Provide some more API for developer to work with Drupal 7.
The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. If
you would like to maintain this module, please read:
https://www.drupal.org/node/251466
Submitted by Drupion Support on 12 April 2017 12:30
Drupion Newsletter
Subscribe to the latest news on Drupal, Wordpress, releases, updates, security alerts.
Drupion Newsletter
Subscribe to the latest news on Drupal, Wordpress, releases, updates, security alerts.
2004-2017 Drupion Inc. All rights reserved.