|
301911
|
- |
|
ocportal
|
ocportal
|
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2012-1470
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301912
|
- |
|
luke_herrington
|
stickynote
|
Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes v…
|
CWE-352
Origin Validation Error
|
CVE-2012-1636
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301913
|
- |
|
commerceguys
|
commerce
|
Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1639
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301914
|
- |
|
atheme
|
atheme
|
The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1576
|
2024-11-21 10:37 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301915
|
- |
|
drupal
|
drupal
|
The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1591
|
2024-11-21 10:37 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301916
|
- |
|
drupal
|
drupal
|
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1590
|
2024-11-21 10:37 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301917
|
- |
|
drupal
|
drupal
|
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain r…
|
CWE-399
Resource Management Errors
|
CVE-2012-1588
|
2024-11-21 10:37 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301918
|
- |
|
springsource
|
grails
|
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1833
|
2024-11-21 10:37 |
2012-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301919
|
- |
|
juan_ramon
|
osclass
|
Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability …
|
CWE-22
Path Traversal
|
CVE-2012-1617
|
2024-11-21 10:37 |
2012-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301920
|
- |
|
drupal
|
faq
|
Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via th…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1646
|
2024-11-21 10:37 |
2012-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
