|
281031
|
- |
|
ubercart_webform_integration_project
|
ubercart_webform_integration
|
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inje…
|
CWE-79
Cross-site Scripting
|
CVE-2015-4354
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281032
|
- |
|
osscube
|
custom_sitemap
|
Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via un…
|
CWE-352
Origin Validation Error
|
CVE-2015-4353
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281033
|
- |
|
web-dorado
|
web-dorado_spider_video_player
|
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via…
|
CWE-352
Origin Validation Error
|
CVE-2015-4352
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281034
|
- |
|
web-dorado
|
web-dorado_spider_video_player
|
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-4351
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281035
|
- |
|
web-dorado
|
spider_catalog
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Spider Catalog module for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete (1) p…
|
CWE-352
Origin Validation Error
|
CVE-2015-4350
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281036
|
- |
|
spider_contacts_project
|
spider_contacts
|
Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact catego…
|
CWE-352
Origin Validation Error
|
CVE-2015-4349
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281037
|
- |
|
spider_contacts_project
|
spider_contacts
|
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL co…
|
CWE-89
SQL Injection
|
CVE-2015-4348
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281038
|
- |
|
inlinks_project
|
inlinks
|
Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments.
|
CWE-79
Cross-site Scripting
|
CVE-2015-4347
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281039
|
- |
|
sms_framework_project
|
sms_framework
|
Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web …
|
CWE-79
Cross-site Scripting
|
CVE-2015-4346
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281040
|
- |
|
restful_web_services_project
|
restful_web_services
|
The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers …
|
CWE-200
Information Exposure
|
CVE-2015-4345
|
2024-11-21 11:30 |
2015-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
