|
302751
|
- |
|
christopher_mitchell
|
smart_breadcrumb
|
The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edi…
|
CWE-20
Improper Input Validation
|
CVE-2012-2705
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302752
|
- |
|
john_franklin
|
advertisement
|
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2012-2703
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302753
|
- |
|
tony_freixas
|
ubercart_product_keys
|
The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain condi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2702
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302754
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord cla…
|
CWE-89
SQL Injection
|
CVE-2012-2695
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302755
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Acti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2694
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302756
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco…
|
CWE-89
SQL Injection
|
CVE-2012-2661
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302757
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Acti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2660
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302758
|
- |
|
drupal-id
|
counter_module
|
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."
|
CWE-89
SQL Injection
|
CVE-2012-2718
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302759
|
- |
|
david_stosik
|
comment_moderation
|
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests …
|
CWE-352
Origin Validation Error
|
CVE-2012-2716
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302760
|
- |
|
openstack
|
compute
essex
diablo
|
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protoc…
|
CWE-20
Improper Input Validation
|
CVE-2012-2654
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
