|
293861
|
- |
|
aidanlister
|
regcode
|
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1623
|
2024-11-21 10:37 |
2012-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293862
|
- |
|
ez
|
ez_publish
|
Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.
|
NVD-CWE-noinfo
|
CVE-2012-1565
|
2024-11-21 10:37 |
2012-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293863
|
- |
|
yuriy_v_semenikhin
|
yvs_image_gallery
|
Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-1564
|
2024-11-21 10:37 |
2012-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293864
|
- |
|
nextbbs
|
nextbbs
|
Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2012-1604
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293865
|
- |
|
nextbbs
|
nextbbs
|
Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id paramet…
|
CWE-89
SQL Injection
|
CVE-2012-1603
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293866
|
- |
|
nextbbs
|
nextbbs
|
user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2012-1602
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293867
|
- |
|
ocportal
|
ocportal
|
Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2012-1471
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293868
|
- |
|
ocportal
|
ocportal
|
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2012-1470
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293869
|
- |
|
luke_herrington
|
stickynote
|
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes v…
|
CWE-352
Origin Validation Error
|
CVE-2012-1636
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293870
|
- |
|
commerceguys
|
commerce
|
Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1639
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
