|
272431
|
- |
|
structured_dynamics
|
open_semantic_framework
|
Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of adm…
|
CWE-352
Origin Validation Error
|
CVE-2015-7233
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272432
|
- |
|
structured_dynamics
|
open_semantic_framework
|
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to i…
|
CWE-79
Cross-site Scripting
|
CVE-2015-7232
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272433
|
- |
|
drupalcommerce
|
commerce_commonwealth
|
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, re…
|
CWE-20
Improper Input Validation
|
CVE-2015-7231
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272434
|
- |
|
workbench_email_project
|
workbench_email
|
The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-7230
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272435
|
- |
|
twitter_project
|
twitter
|
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tw…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-7229
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272436
|
- |
|
restful_project
|
restful
|
The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensi…
|
NVD-CWE-Other
|
CVE-2015-7228
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272437
|
- |
|
fieldable_panels_panes_project
|
fieldable_panels_panes
|
The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-7227
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272438
|
- |
|
administration_views_project
|
administration_views
|
The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to ob…
|
CWE-200
Information Exposure
|
CVE-2015-7226
|
2024-11-21 11:36 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272439
|
5.3 |
MEDIUM
Network
|
multibit
|
multibit_hd
|
MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot …
|
CWE-697
Incorrect Comparison
|
CVE-2015-6964
|
2024-11-21 11:35 |
2023-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272440
|
9.8 |
CRITICAL
Network
|
boschsecurity
|
nbn-498_dinion2x_day\/night_ip_cameras_firmware
|
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to …
|
CWE-91
Blind XPath Injection
|
CVE-2015-6970
|
2024-11-21 11:35 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
