|
294641
|
- |
|
peter_pokrivcak
|
post_affiliate_pro
|
Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2706
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294642
|
- |
|
christopher_mitchell
|
smart_breadcrumb
|
The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edi…
|
CWE-20
Improper Input Validation
|
CVE-2012-2705
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294643
|
- |
|
john_franklin
|
advertisement
|
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2012-2703
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294644
|
- |
|
tony_freixas
|
ubercart_product_keys
|
The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain condi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2702
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294645
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord cla…
|
CWE-89
SQL Injection
|
CVE-2012-2695
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294646
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Acti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2694
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294647
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco…
|
CWE-89
SQL Injection
|
CVE-2012-2661
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294648
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Acti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2660
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294649
|
- |
|
drupal-id
|
counter_module
|
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."
|
CWE-89
SQL Injection
|
CVE-2012-2718
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294650
|
- |
|
david_stosik
|
comment_moderation
|
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests …
|
CWE-352
Origin Validation Error
|
CVE-2012-2716
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
