CVE-2015-3362
https://notcve.org/view.php?id=CVE-2015-3362
Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title. Vulnerabilidad de XSS en el módulo Video anterior a 7.x-2.11 para Drupal, cuando utiliza el plugin video WYSIWYG, permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de un título de nodo. • http://www.openwall.com/lists/oss-security/2015/01/29/6 http://www.securityfocus.com/bid/72117 https://www.drupal.org/node/2407047 https://www.drupal.org/node/2407341 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0224
https://notcve.org/view.php?id=CVE-2013-0224
The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. El módulo de vídeo v7.x-2.x antes v7.x-2.9 para Drupal, cuando utiliza el transcodificador FFmpeg, permite a usuarios locales ejecutar código PHP arbitrario modificando un archivo temporal PHP. • http://www.openwall.com/lists/oss-security/2013/01/25/4 https://drupal.org/node/1895234 https://drupal.org/node/1896714 • CWE-16: Configuration •
CVE-2008-1641 – EfesTECH Video 5.0 - 'catID' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1641
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter. Vulnerabilidad de inyección SQL en default.asp de EfesTECH Video 5.0, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro catID. • https://www.exploit-db.com/exploits/31582 http://secunia.com/advisories/29611 http://securityreason.com/securityalert/3791 http://www.securityfocus.com/archive/1/490309/100/0/threaded http://www.securityfocus.com/bid/28532 https://exchange.xforce.ibmcloud.com/vulnerabilities/41550 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •