|
295091
|
- |
|
mozilla
|
bugzilla
|
Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value …
|
CWE-79
Cross-site Scripting
|
CVE-2012-4189
|
2024-11-21 10:42 |
2012-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295092
|
- |
|
simon_brown
|
pebble
|
CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2012-4023
|
2024-11-21 10:42 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295093
|
- |
|
simon_brown
|
pebble
|
Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4022
|
2024-11-21 10:42 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295094
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information …
|
CWE-287
Improper Authentication
|
CVE-2012-4021
|
2024-11-21 10:42 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295095
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4020
|
2024-11-21 10:42 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295096
|
- |
|
boombatower
|
subuser
|
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4487
|
2024-11-21 10:42 |
2012-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295097
|
- |
|
boombatower
|
subuser
|
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the us…
|
CWE-352
Origin Validation Error
|
CVE-2012-4486
|
2024-11-21 10:42 |
2012-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295098
|
- |
|
earl_dunovant
|
monthly_archive_by_node_type
|
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4491
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295099
|
- |
|
ricky_morse
|
excluded_users
|
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4490
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295100
|
- |
|
mark_burdett
|
securelogin
|
Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites a…
|
CWE-20
Improper Input Validation
|
CVE-2012-4489
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
