|
296521
|
- |
|
john_albin
|
zen
|
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to injec…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2710
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296522
|
- |
|
antoine_beaupre
|
hostmaster
|
Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows …
|
CWE-79
Cross-site Scripting
|
CVE-2012-2708
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296523
|
- |
|
antoine_beaupre
|
hostmaster
|
The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access res…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2707
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296524
|
- |
|
peter_pokrivcak
|
post_affiliate_pro
|
Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2706
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296525
|
- |
|
christopher_mitchell
|
smart_breadcrumb
|
The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edi…
|
CWE-20
Improper Input Validation
|
CVE-2012-2705
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296526
|
- |
|
john_franklin
|
advertisement
|
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2012-2703
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296527
|
- |
|
tony_freixas
|
ubercart_product_keys
|
The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain condi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2702
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296528
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord cla…
|
CWE-89
SQL Injection
|
CVE-2012-2695
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296529
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Acti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2694
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296530
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco…
|
CWE-89
SQL Injection
|
CVE-2012-2661
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
