Total
708 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4493 | 2 Drupal, Roy Baxter | 2 Drupal, Better Revisions | 2012-11-06 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-4487 | 2 Boombatower, Drupal | 2 Subuser, Drupal | 2012-11-05 | 4.0 MEDIUM | N/A |
| The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created. | |||||
| CVE-2012-4482 | 2 Drupal, Longwaveconsulting | 2 Drupal, Ubercart Securetrading Payment Method Module | 2012-11-02 | 5.0 MEDIUM | N/A |
| The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors. | |||||
| CVE-2012-5705 | 2 Drupal, Justin Dodge | 2 Drupal, Hotblocks | 2012-11-02 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names." | |||||
| CVE-2012-4494 | 2 Drupal, Niif | 2 Drupal, Shibb Auth | 2012-11-02 | 4.3 MEDIUM | N/A |
| The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in. | |||||
| CVE-2012-4488 | 2 Drupal, Location Module Project | 2 Drupal, Location | 2012-11-02 | 5.0 MEDIUM | N/A |
| The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page. | |||||
| CVE-2012-5704 | 2 Drupal, Justin Dodge | 2 Drupal, Hotblocks | 2012-11-01 | 3.5 LOW | N/A |
| The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself. | |||||
| CVE-2012-4499 | 2 Drupal, Matthias Hutterer | 2 Drupal, Email | 2012-11-01 | 5.0 MEDIUM | N/A |
| The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. | |||||
| CVE-2012-2069 | 2 Drupal, Mclewin | 2 Drupal, Wishlist | 2012-10-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters. | |||||
| CVE-2012-1627 | 2 Drupal, Marvil07 | 2 Drupal, Vote Up Down | 2012-10-15 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. | |||||
| CVE-2010-5276 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2012-10-08 | 4.3 MEDIUM | N/A |
| The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." | |||||
| CVE-2010-5275 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2012-10-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1623 | 2 Aidanlister, Drupal | 2 Regcode, Drupal | 2012-10-08 | 5.0 MEDIUM | N/A |
| The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. | |||||
| CVE-2012-5233 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2012-10-02 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs. | |||||
| CVE-2012-1636 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2012-10-02 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors. | |||||
| CVE-2012-1638 | 2 Dominique Clause, Drupal | 2 Search Autocomplete, Drupal | 2012-09-21 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5007 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2012-09-20 | 5.0 MEDIUM | N/A |
| The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1625 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2012-09-20 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information. | |||||
| CVE-2012-1632 | 2 Drupal, Erik Webb | 2 Drupal, Password Policy | 2012-09-20 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2012-1651 | 2 Drupal, Thinkleft | 2 Drupal, Submenu Tree | 2012-09-20 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||