|
293201
|
- |
|
drupal
|
drupal
|
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1591
|
2024-11-21 10:37 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293202
|
- |
|
drupal
|
drupal
|
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1590
|
2024-11-21 10:37 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293203
|
- |
|
drupal
|
drupal
|
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain r…
|
CWE-399
Resource Management Errors
|
CVE-2012-1588
|
2024-11-21 10:37 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293204
|
- |
|
springsource
|
grails
|
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1833
|
2024-11-21 10:37 |
2012-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293205
|
- |
|
juan_ramon
|
osclass
|
Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability …
|
CWE-22
Path Traversal
|
CVE-2012-1617
|
2024-11-21 10:37 |
2012-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293206
|
- |
|
drupal
|
faq
|
Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via th…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1646
|
2024-11-21 10:37 |
2012-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293207
|
- |
|
microsoft
|
internet_explorer
|
Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properl…
|
CWE-399
Resource Management Errors
|
CVE-2012-1529
|
2024-11-21 10:37 |
2012-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293208
|
- |
|
databasepublish
|
admin\
|
Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and …
|
CWE-352
Origin Validation Error
|
CVE-2012-1631
|
2024-11-21 10:37 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293209
|
- |
|
nestor_mata_cuthbert
|
taxonomy_navigator
|
Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified …
|
CWE-79
Cross-site Scripting
|
CVE-2012-1630
|
2024-11-21 10:37 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293210
|
- |
|
dmitry_loac
|
taxotouch
|
Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-1629
|
2024-11-21 10:37 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
