|
289461
|
- |
|
netgenius
|
multilink
|
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users …
|
CWE-200
Information Exposure
|
CVE-2012-5589
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289462
|
- |
|
epiqo
|
email
|
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5588
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289463
|
- |
|
epiqo
|
email
|
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5587
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289464
|
- |
|
marc_ingram
|
services
|
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5586
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289465
|
- |
|
mixpanel_project
|
mixpanel
|
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrar…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5585
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289466
|
- |
|
m2osw
|
tableofcontents
|
The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5584
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289467
|
- |
|
naver
|
loctouch
|
The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log …
|
CWE-200
Information Exposure
|
CVE-2012-5183
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289468
|
- |
|
naver
|
loctouch
|
The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted applicati…
|
CWE-200
Information Exposure
|
CVE-2012-5182
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289469
|
- |
|
opera
|
opera_mini
opera_mobile
|
The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a cr…
|
CWE-200
Information Exposure
|
CVE-2012-5180
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289470
|
- |
|
boatmob
|
boat_browser
boat_browser_mini
|
The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5179
|
2024-11-21 10:44 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
