|
294331
|
- |
|
drupal
|
drupal
|
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests.
|
CWE-399
Resource Management Errors
|
CVE-2013-0316
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294332
|
- |
|
elliot_pahl
|
drush_debian_packaging
|
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2013-0260
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294333
|
- |
|
boxes_project
|
boxes
|
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0259
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294334
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an a…
|
CWE-287
Improper Authentication
|
CVE-2013-0258
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294335
|
- |
|
david_alkire
|
email2image
|
The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0257
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294336
|
- |
|
bart_feenstra
|
payment
|
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0182
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294337
|
- |
|
thomas_seidl
|
search_api
|
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0181
|
2024-11-21 10:47 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294338
|
- |
|
ibm
|
lotus_domino
|
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote authenticated users to hijack the authentication of administrators.
|
CWE-352
Origin Validation Error
|
CVE-2013-0489
|
2024-11-21 10:47 |
2013-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294339
|
- |
|
ibm
|
lotus_domino
|
Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-0488
|
2024-11-21 10:47 |
2013-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294340
|
- |
|
ibm
|
lotus_domino
|
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
|
CWE-287
Improper Authentication
|
CVE-2013-0487
|
2024-11-21 10:47 |
2013-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
