CVE-2014-1475

Related Files

Mandriva Linux Security Advisory 2014-031

Posted Feb 15, 2014

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-031 - The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page. The updated packages has been upgraded to the 7.26 version which is unaffected by these security flaws.

tags | advisory, remote

systems | linux, mandriva

advisories | CVE-2014-1475, CVE-2014-1476

SHA-256 | 38a8b456f1ddaea726c4ddda8c19d3cab055f6fca0243709c53c847616e62e95

Download | Favorite | View

Debian Security Advisory 2851-1

Posted Feb 3, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2851-1 - Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts.

tags | advisory

systems | linux, debian

advisories | CVE-2014-1475

SHA-256 | 7ff5149651769ab685a8d22ecf1f421379747a2cb78fb7db2b2e6b44399f57ff

Download | Favorite | View

Debian Security Advisory 2847-1

Posted Jan 21, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2847-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2014-1475, CVE-2014-1476

SHA-256 | aa18c02a1e2bc92bf8e6cbaf332041d96c7fbb2e5309c8aaa2138487acb989b7

Download | Favorite | View