Latest news module drupal hosting

* Advisory ID: DRUPAL-SA-CONTRIB-2017-045
* Project: Webform Multiple File Upload (third-party module)
* Version: 7.x
* Date: 2017-May-10
* Security risk: 10/25 ( Moderately Critical)
* Vulnerability: Access bypass

This module enables you to upload multiple files at once in a webform.
The module doesn't sufficiently check access to file deletion urls.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission to edit all or their own webform submissions.

Latest news module drupal hosting module enables you to remotely

Submitted by Drupion Support on 10 May 2017 11:15

* Advisory ID: DRUPAL-SA-CONTRIB-2017-046
* Project: Drupal Remote Dashboard (third-party module)
* Version: 8.x
* Date: 2017-May-10
* Security risk: 17/25 ( Critical)
* Vulnerability: Access bypass, Information Disclosure

This module enables you to remotely access remote Drupal sites to monitor and
manage them all from one central place.

Submitted by Drupion Support on 10 May 2017 11:15

* Advisory ID: DRUPAL-SA-CONTRIB-2017-047
* Project: DRD agent (third-party module)
* Version: 6.x, 7.x, 8.x
* Date: 2017-May-10
* Security risk: 19/25 ( Critical)
* Vulnerability: Cross Site Request Forgery, Open Redirect

The Drupal Remote Dashboard (DRD) module enables you to manage and monitor
any remote Drupal site and, this module, the DRD Agent is the remote module
which responds to requests from authorised DRD sites.

Submitted by Drupion Support on 10 May 2017 11:15

* Advisory ID: DRUPAL-SA-CONTRIB-2017-044
* Project: Media (third-party module)
* Version: 7.x
* Date: 2017-May-10
* Security risk: 16/25 ( Critical)
* Vulnerability: Information Disclosure, Arbitrary PHP code execution,
Multiple vulnerabilities

This module provides intuitive ways to manage large libraries of media,
insert or display or import various types of media either through fields or a
wysiwyg interface.

Submitted by Drupion Support on 10 May 2017 10:15

* Advisory ID: DRUPAL-SA-CONTRIB-2017-043

* Project: Shibboleth authentication
* Version: 7.x
* Date: 2017-May-03
* Security risk: 13/25 ( Moderately Critical)
* Vulnerability: Access bypass, Information Disclosure

This module enables you to login via Shibboleth.

The module doesn't sufficiently logout the user when the shib session
expires, which depending on the caching mechanism makes private data public.

Submitted by Drupion Support on 3 May 2017 09:45

* Advisory ID: DRUPAL-SA-CORE-2017-002
* Project: Drupal core
* Version: 8.x
* Date: 2017-April-19
* CVEID: CVE-2017-6919
* Security risk: 17/25 ( Critical)
* Vulnerability: Access bypass

Latest news module drupal hosting sufficiently check access to file

This is a critical access bypass vulnerability. A site is only affected by
this is the following conditions are met:

Submitted by Drupion Support on 19 April 2017 15:15

* Advisory ID: DRUPAL-SA-CONTRIB-2014-041
* Project: Open Atrium Core (third-party module), OA Comment (third-party module)
* Version: 7.x
* Date: 2017-April-12
* Security risk: 11/25 ( Moderately Critical)
* Vulnerability: Information Disclosure

Submitted by Drupion Support on 12 April 2017 13:30

* Advisory ID: DRUPAL-SA-CONTRIB-2017-042
* Project: Media (third-party module)
* Date: 12-Apr-2017

The Media module provides an extensible framework for managing files and
multimedia assets, regardless of whether they are hosted on your own site or
a 3rd party site - it is commonly referred to as a 'file browser to the
internet'.

* Only the 1.x branch is affected. The 2.x branch does not have this
vulnerability.

Submitted by Drupion Support on 12 April 2017 13:30

* Advisory ID: DRUPAL-SA-CONTRIB-2017-39
* Project: Scheduler Workbench Integration (third-party module)
* Date: 12-Apr-2017

Provides integration between the Scheduler module and the Workbench
Moderation module.

The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. If
you would like to maintain this module, please read:
https://www.drupal.org/node/251466

Submitted by Drupion Support on 12 April 2017 12:30

* Advisory ID: DRUPAL-SA-CONTRIB-2017-040
* Project: @Base (third-party module)
* Date: 2017-April-12

Provide some more API for developer to work with Drupal 7.

The security team is marking this module unsupported. There is a known
security issue with the module that has not been fixed by the maintainer. If
you would like to maintain this module, please read:
https://www.drupal.org/node/251466

Submitted by Drupion Support on 12 April 2017 12:30

Drupion Newsletter

Subscribe to the latest news on Drupal, Wordpress, releases, updates, security alerts.

Drupion Newsletter

Subscribe to the latest news on Drupal, Wordpress, releases, updates, security alerts.

2004-2017 Drupion Inc. All rights reserved.

Watch this video!

Related articles

Quick links module drupal hostingSubmitted by Benjamin Melançon on 2010, July 12 - 23:57 We will commonly want some people to have a convenient block of links they are likely to need, and not show this to other people. We can...
View search module drupal hostingHello, and welcome to DrupalModules.com, a community-powered rating and review service dedicated to helping you find the best Drupal modules for your project! Need help finding the right Drupal...
Simple gallery module drupal hostingThis module provides an integration between the popular Juicebox HTML5 responsive gallery library and Drupal. Juicebox is in many ways the successor of Simpleviewer and offers a powerful...
Feed aggregator module drupal hostingIs it fair to say that aggregator is retained in d7 core for legacy support, and that Feeds is the likely successor? Feeds covers more scenarios than aggregator, and appears to be better...
Webfm module drupal hostingI am creating a website archive that will allow users to upload various different types of media content including video, audio, images, documents and text. I want to make it easy for users to...