|
296731
|
- |
|
david_alkire
|
drag_\&_drop_gallery
|
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2012-4479
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296732
|
- |
|
david_alkire
|
drag_\&_drop_gallery
|
Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators.
|
CWE-352
Origin Validation Error
|
CVE-2012-4478
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296733
|
- |
|
david_alkire
|
drag_\&_drop_gallery
|
Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4477
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296734
|
- |
|
david_alkire
|
drag_\&_drop_gallery
|
Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4476
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296735
|
- |
|
security_questions_project
|
security_questions
|
The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4475
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296736
|
- |
|
colorbox_node
|
dennis_blake
|
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4474
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296737
|
- |
|
christian_johansson
|
restrict_node_page_view
|
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished no…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4473
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296738
|
- |
|
david_alkire
|
drag_\&_drop_gallery
|
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an…
|
NVD-CWE-Other
|
CVE-2012-4472
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296739
|
- |
|
dominique_clause
|
search_autocomplete
|
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4471
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296740
|
- |
|
philip_ludlam
|
listhandler
|
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4470
|
2024-11-21 10:42 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
