|
291791
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4020
|
2024-11-21 10:42 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291792
|
- |
|
boombatower
|
subuser
|
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4487
|
2024-11-21 10:42 |
2012-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291793
|
- |
|
boombatower
|
subuser
|
Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the us…
|
CWE-352
Origin Validation Error
|
CVE-2012-4486
|
2024-11-21 10:42 |
2012-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291794
|
- |
|
earl_dunovant
|
monthly_archive_by_node_type
|
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4491
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291795
|
- |
|
ricky_morse
|
excluded_users
|
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4490
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291796
|
- |
|
mark_burdett
|
securelogin
|
Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites a…
|
CWE-20
Improper Input Validation
|
CVE-2012-4489
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291797
|
- |
|
location_module_project
|
location
|
The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4488
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291798
|
- |
|
manuel_garcia
|
galleryformatter
|
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow rem…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4485
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291799
|
- |
|
trexart
|
campaignmonitor
|
Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via un…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4484
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291800
|
- |
|
acquia
|
commons
|
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4483
|
2024-11-21 10:42 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
