|
292891
|
- |
|
mozilla
|
bugzilla
|
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote atta…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1968
|
2024-11-21 10:38 |
2012-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292892
|
- |
|
ibm
|
lotus_protector_for_mail_security
proventia_network_mail_security_system_firmware
|
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticat…
|
CWE-22
Path Traversal
|
CVE-2012-2202
|
2024-11-21 10:38 |
2012-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292893
|
- |
|
oleg_kovalchuk
|
cctags
|
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary w…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2310
|
2024-11-21 10:38 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292894
|
- |
|
wearepropeople
|
glossify_internal_links_auto_seo
|
Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2309
|
2024-11-21 10:38 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292895
|
- |
|
tahiticlic
|
taxonomy_grid_catalog
|
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2308
|
2024-11-21 10:38 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292896
|
- |
|
plaatsoft
|
addressbook
|
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vector…
|
CWE-352
Origin Validation Error
|
CVE-2012-2307
|
2024-11-21 10:38 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292897
|
- |
|
drupal
|
drupal
|
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2012-2306
|
2024-11-21 10:38 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292898
|
- |
|
justin_ellison
|
node_gallery
|
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that creat…
|
CWE-352
Origin Validation Error
|
CVE-2012-2305
|
2024-11-21 10:38 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292899
|
- |
|
nancy_wichmann
|
sitedoc
|
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspe…
|
CWE-200
Information Exposure
|
CVE-2012-2302
|
2024-11-21 10:38 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292900
|
- |
|
janrain
|
rpx
|
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attack…
|
CWE-200
Information Exposure
|
CVE-2012-2296
|
2024-11-21 10:38 |
2012-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
