| purl | pkg:composer/drupal/core@6.0.0 |
| Tags | Ghost |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2ctt-zm9j-17bx (Aliases: CVE-2016-3171, GHSA-69g8-g9jq-74v7) | Session data truncation can lead to unserialization of user provided data. Drupal might allow remote attackers to execute arbitrary code via vectors related to session data truncation. | Affected by 0 other vulnerabilities. Affected by 81 other vulnerabilities. |
| VCID-9wt5-xe6d-n3cb (Aliases: CVE-2016-3164, GHSA-836p-6p4j-35cg) | Open redirect via path manipulation. Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 81 other vulnerabilities. |
| VCID-en3b-g3f3-a3e3 (Aliases: CVE-2016-3163, GHSA-h3r9-pjmr-f938) | Brute force amplification attacks via XML-RPC. The XML-RPC system in Drupal might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 81 other vulnerabilities. |
| VCID-h6yp-zj5e-zkbm (Aliases: CVE-2016-3166, GHSA-fg5q-r2q5-qmh3) | HTTP header injection using line breaks. CRLF injection vulnerability in the `drupal_set_header` function in Drupal allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers. | Affected by 0 other vulnerabilities. Affected by 81 other vulnerabilities. |
| VCID-mt37-qzh7-gyfv (Aliases: CVE-2016-3168, GHSA-qqxc-cppg-4xp8) | Reflected file download vulnerability. The System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 81 other vulnerabilities. |
| VCID-tk6t-srar-h7a8 (Aliases: CVE-2016-3165, GHSA-4gh5-3hqj-x3pj) | Improper Access Control. The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has `#access` set to `FALSE` in the server-side form definition. | Affected by 0 other vulnerabilities. Affected by 95 other vulnerabilities. |
| VCID-we42-mkyk-hfer (Aliases: CVE-2016-3169, GHSA-q3p9-8728-wq7x) | Saving user accounts can sometimes grant the user all roles. The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 95 other vulnerabilities. |
| VCID-xumx-m3zz-jkh6 (Aliases: CVE-2016-3167, GHSA-gxwx-c7m8-f95h) | Open redirect via double-encoded 'destination' parameter. Open redirect vulnerability in the `drupal_goto` function in Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the `destination` parameter. | Affected by 0 other vulnerabilities. Affected by 81 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||