|
269131
|
- |
|
migrate_project
|
migrate
|
Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary w…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5514
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269132
|
- |
|
niif
|
shibboleth_authentication
|
Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer bl…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5513
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269133
|
- |
|
me_aliases_project
|
me_aliases
|
The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in …
|
CWE-284
Improper Access Control
|
CVE-2015-5512
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269134
|
- |
|
hybridauth_social_login_project
|
hybridauth_social_login
|
The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social lo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5511
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269135
|
- |
|
content_construction_kit_project
|
content_construction_kit
|
Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via …
|
NVD-CWE-Other
|
CVE-2015-5510
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269136
|
- |
|
administration_views_project
|
administration_views
|
The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5509
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269137
|
- |
|
the_extensible_catalog_drupal_toolkit_project
|
the_extensible_catalog_drupal_toolkit
|
Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "ad…
|
CWE-352
Origin Validation Error
|
CVE-2015-5508
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269138
|
- |
|
inline_entity_form_project
|
inline_entity_form
|
Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5507
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269139
|
- |
|
apache_solr_real-time_project
|
apache_solr_real-time
|
The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content …
|
CWE-200
Information Exposure
|
CVE-2015-5506
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269140
|
- |
|
codfront_labs
|
http_strict_transport_security
|
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS pol…
|
CWE-17
Code
|
CVE-2015-5505
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
