|
270381
|
- |
|
node_template_project
|
node_template
|
Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote attackers to hijack the authentication of users with the "access node template" permission for req…
|
CWE-352
Origin Validation Error
|
CVE-2015-4397
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270382
|
- |
|
keyword_research_project
|
keyword_research
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the "kwre…
|
CWE-352
Origin Validation Error
|
CVE-2015-4396
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270383
|
- |
|
hybridauth_social_login_project
|
hybridauth_social_login
|
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenti…
|
CWE-200
Information Exposure
|
CVE-2015-4395
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270384
|
- |
|
services_project
|
services
|
The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4394
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270385
|
- |
|
services_project
|
services
|
The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary …
|
CWE-20
Improper Input Validation
|
CVE-2015-4393
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270386
|
- |
|
display_suite_project
|
display_suite
|
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to fie…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4392
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270387
|
- |
|
civicrm
|
civicrm_private_report
|
Cross-site request forgery (CSRF) vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication …
|
CWE-352
Origin Validation Error
|
CVE-2015-4391
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270388
|
- |
|
user_import_project
|
user_import
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the User Import module 6.x-4.x before 6.x-4.4 and 7.x-2.x before 7.x-2.3 for Drupal allow remote attackers to hijack the authentication o…
|
CWE-352
Origin Validation Error
|
CVE-2015-4390
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270389
|
- |
|
open_graph_importer_project
|
open_graph_importer
|
The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4389
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270390
|
- |
|
current_search_links_project
|
current_search_links
|
Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4388
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
