|
291841
|
- |
|
openkm
|
openkm
|
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2315
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291842
|
- |
|
open-emr
|
openemr
|
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
|
CWE-89
SQL Injection
|
CVE-2012-2115
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291843
|
- |
|
chatelao
|
php_address_book
|
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1912
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291844
|
- |
|
chatelao
|
php_address_book
|
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter …
|
CWE-89
SQL Injection
|
CVE-2012-1911
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291845
|
- |
|
mclewin
|
wishlist
|
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary u…
|
CWE-352
Origin Validation Error
|
CVE-2012-2069
|
2024-11-21 10:38 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291846
|
- |
|
tiger-fish
|
fancy_slide
|
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permissi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2068
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291847
|
- |
|
ckeditor
|
fckeditor
ckeditor
|
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allo…
|
NVD-CWE-noinfo
|
CVE-2012-2067
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291848
|
- |
|
ckeditor
|
fckeditor
ckeditor
|
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticate…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2066
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291849
|
- |
|
freso
|
languageicons
|
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2065
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291850
|
- |
|
mark_theunissen
|
views_lang_switch
|
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2064
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
