|
280281
|
- |
|
inline_entity_form_project
|
inline_entity_form
|
Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5507
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280282
|
- |
|
apache_solr_real-time_project
|
apache_solr_real-time
|
The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content …
|
CWE-200
Information Exposure
|
CVE-2015-5506
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280283
|
- |
|
codfront_labs
|
http_strict_transport_security
|
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS pol…
|
CWE-17
Code
|
CVE-2015-5505
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280284
|
- |
|
novalnet
|
novalnet_payment_module_ubercart-
|
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-5504
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280285
|
- |
|
chamilo_integration_project
|
chamilo_integration
|
Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspe…
|
NVD-CWE-Other
|
CVE-2015-5503
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280286
|
- |
|
storage_api_project
|
storage_api
|
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspeci…
|
CWE-284
Improper Access Control
|
CVE-2015-5502
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280287
|
- |
|
aegirproject
|
hostmaster
|
The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to writ…
|
CWE-254
7PK - Security Features
|
CVE-2015-5501
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280288
|
- |
|
navigate_project
|
navigate
|
Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-5500
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280289
|
- |
|
navigate_project
|
navigate
|
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate vie…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5499
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280290
|
- |
|
shipwire_api_project
|
shipwire_api
|
The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5498
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
