|
291621
|
- |
|
feeds_project
|
feeds
|
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5543
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291622
|
- |
|
pedro_cambra
|
commerce_extra_panes
|
Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests…
|
CWE-352
Origin Validation Error
|
CVE-2012-5542
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291623
|
- |
|
twitter_pull_project
|
twitter_pull
|
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5541
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291624
|
- |
|
tekritisoftware
|
hostip
|
Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5540
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291625
|
- |
|
organic_groups_project
|
organic_groups
|
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5539
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291626
|
- |
|
nathan_haug
|
filefield_sources
|
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows r…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5538
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291627
|
- |
|
simplenews_scheduler_project
|
simplenews_scheduler
|
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling f…
|
CWE-94
Code Injection
|
CVE-2012-5537
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291628
|
- |
|
flashtux
|
weechat
|
The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "sh…
|
CWE-20
Improper Input Validation
|
CVE-2012-5534
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291629
|
- |
|
cmsmadesimple
|
cms_made_simple
|
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of admini…
|
CWE-352
Origin Validation Error
|
CVE-2012-5450
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291630
|
- |
|
orangehrm
|
orangehrm
|
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPa…
|
CWE-89
SQL Injection
|
CVE-2012-5367
|
2024-11-21 10:44 |
2012-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
