|
292011
|
- |
|
chatelao
|
php_address_book
|
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1912
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292012
|
- |
|
chatelao
|
php_address_book
|
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter …
|
CWE-89
SQL Injection
|
CVE-2012-1911
|
2024-11-21 10:38 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292013
|
- |
|
mclewin
|
wishlist
|
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary u…
|
CWE-352
Origin Validation Error
|
CVE-2012-2069
|
2024-11-21 10:38 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292014
|
- |
|
tiger-fish
|
fancy_slide
|
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permissi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2068
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292015
|
- |
|
ckeditor
|
fckeditor
ckeditor
|
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allo…
|
NVD-CWE-noinfo
|
CVE-2012-2067
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292016
|
- |
|
ckeditor
|
fckeditor
ckeditor
|
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticate…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2066
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292017
|
- |
|
freso
|
languageicons
|
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2065
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292018
|
- |
|
mark_theunissen
|
views_lang_switch
|
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2064
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292019
|
- |
|
brian_altenhofel
|
slidebox
|
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2063
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292020
|
- |
|
buddypress
|
buddypress
|
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_wid…
|
CWE-89
SQL Injection
|
CVE-2012-2109
|
2024-11-21 10:38 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
