|
291851
|
- |
|
entity_api_project
|
entity_api
|
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE:…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4273
|
2024-11-21 10:55 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291852
|
- |
|
misery_project
|
misery
|
The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (pro…
|
CWE-399
Resource Management Errors
|
CVE-2013-4599
|
2024-11-21 10:55 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291853
|
- |
|
rik_de_boer
|
revisioning
|
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated user…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4597
|
2024-11-21 10:55 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291854
|
- |
|
gordon_heydon
|
secure_pages
|
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive info…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4595
|
2024-11-21 10:55 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291855
|
- |
|
danielkorte
|
nodeaccesskeys
|
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4596
|
2024-11-21 10:55 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291856
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password …
|
CWE-287
Improper Authentication
|
CVE-2013-4178
|
2024-11-21 10:55 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291857
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4177
|
2024-11-21 10:55 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291858
|
- |
|
groups_communities_and_co_project
|
gcc
|
The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vecto…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4598
|
2024-11-21 10:55 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291859
|
- |
|
gentoo
|
nullmailer
|
The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4223
|
2024-11-21 10:55 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291860
|
- |
|
mediafront
|
mediafront
|
Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "adm…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4380
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
