CVE-2014-9504
- EPSS 0.27%
- Veröffentlicht 01.02.2018 17:29:01
- Zuletzt bearbeitet 21.11.2024 02:21:02
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
CVE-2014-9502
- EPSS 0.09%
- Veröffentlicht 01.02.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 02:21:02
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu call...
CVE-2014-9503
- EPSS 0.21%
- Veröffentlicht 01.02.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 02:21:02
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks.
- EPSS 0.18%
- Veröffentlicht 12.11.2014 16:55:07
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node.