|
291781
|
- |
|
yandex.metrics_project
|
yandex_metrics
|
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via v…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0319
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291782
|
- |
|
banckle_chat_project
|
banckle_chat
|
The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0318
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291783
|
- |
|
joe_haskins
|
og_manager_change
|
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0317
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291784
|
- |
|
drupal
|
drupal
|
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.
|
CWE-399
Resource Management Errors
|
CVE-2013-0316
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291785
|
- |
|
elliot_pahl
|
drush_debian_packaging
|
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2013-0260
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291786
|
- |
|
boxes_project
|
boxes
|
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0259
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291787
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an a…
|
CWE-287
Improper Authentication
|
CVE-2013-0258
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291788
|
- |
|
david_alkire
|
email2image
|
The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0257
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291789
|
- |
|
bart_feenstra
|
payment
|
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0182
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291790
|
- |
|
thomas_seidl
|
search_api
|
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0181
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
