MidnightBSD

Advisories for sean_robertson

CVE-2012-1056 MEDIUM

The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sean_robertson forward 6.x-1.4
sean_robertson forward 6.x-1.1
sean_robertson forward 6.x-1.14
sean_robertson forward 6.x-1.3
sean_robertson forward 6.x-1.10
sean_robertson forward 6.x-1.20
sean_robertson forward 6.x-1.5
sean_robertson forward 6.x-1.8
sean_robertson forward 7.x-1.0
sean_robertson forward 6.x-1.11
sean_robertson forward 6.x-1.x-dev
sean_robertson forward 6.x-1.17
sean_robertson forward 7.x-1.1
sean_robertson forward 6.x-1.2
sean_robertson forward 7.x-1.2
sean_robertson forward 6.x-1.15
sean_robertson forward 6.x-1.13
sean_robertson forward 6.x-1.19
sean_robertson forward 7.x-1.x-dev
sean_robertson forward 6.x-1.18
sean_robertson forward 6.x-1.7
sean_robertson forward 6.x-1.6
sean_robertson forward 6.x-1.0
sean_robertson forward 6.x-1.12
sean_robertson forward 6.x-1.16
sean_robertson forward 6.x-1.9
CVE-2012-1057 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
sean_robertson forward 6.x-1.4
sean_robertson forward 6.x-1.1
sean_robertson forward 6.x-1.14
sean_robertson forward 6.x-1.3
sean_robertson forward 6.x-1.10
sean_robertson forward 6.x-1.20
sean_robertson forward 6.x-1.5
sean_robertson forward 6.x-1.8
sean_robertson forward 7.x-1.0
sean_robertson forward 6.x-1.11
sean_robertson forward 6.x-1.x-dev
sean_robertson forward 6.x-1.17
sean_robertson forward 7.x-1.1
sean_robertson forward 6.x-1.2
sean_robertson forward 7.x-1.2
sean_robertson forward 6.x-1.15
sean_robertson forward 6.x-1.13
sean_robertson forward 6.x-1.19
sean_robertson forward 7.x-1.x-dev
sean_robertson forward 6.x-1.18
sean_robertson forward 6.x-1.7
sean_robertson forward 6.x-1.6
sean_robertson forward 6.x-1.0
sean_robertson forward 6.x-1.12
sean_robertson forward 6.x-1.16
sean_robertson forward 6.x-1.9