CVSS: 6.8EPSS: 0%CPEs: 54EXPL: 0CVE-2012-0825
https://notcve.org/view.php?id=CVE-2012-0825
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack. Drupal 6.x anterior a la versión 6.23 y 7.x anterior a 7.11 no verifica que la información Attribute Exchange (AX) se firme, lo que permite a atacantes remotos modificar información AX potencialmente sensible sin la detección a través de ataques man-in-the-middle (MITM). • http://openid.net/2011/05/05/attribute-exchange-security-alert http://www.debian.org/security/2013/dsa-2776 https://drupal.org/node/1425084 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 59EXPL: 0CVE-2012-0826
https://notcve.org/view.php?id=CVE-2012-0826
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss of updates due to rate limit) via unspecified vectors. Vulnerabilidad de Cross-site request forgery (CSRF) en el modulo Aggregator en Drupal 6.x anterior a 6.23 y 7.x anterior a 7.11 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas para consultas que actualizan feeds y posiblemente causar denegación de servicio (perdida de actualizaciones debida a limite de tasa) a traves de vectores no especificados • http://www.debian.org/security/2013/dsa-2776 https://drupal.org/node/1425084 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4379
https://notcve.org/view.php?id=CVE-2013-4379
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL. El módulo Make Meeting Scheduler 6.x-1.x anterior a la versión 6.x-1.3 para Drupal permite a atacantes remotos evadir restricciones de acceso de una encuesta a través de una petición directa a la URL del nodo en lugar the la URL hash. • http://secunia.com/advisories/54634 http://www.openwall.com/lists/oss-security/2013/09/27/6 https://drupal.org/node/2081637 https://drupal.org/node/2081647 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2013-4384
https://notcve.org/view.php?id=CVE-2013-4384
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API. Vulnerabilidad de XSS en el módulo Google Site Search 6.x-1.x anterior a la versión 6.x-1.4 y 7.x-1.x anterior a 7.x-1.10 para Drupal permite a atacantes remotos inyectar script web arbitrario o HTML, provocando que datos diseñados sean devueltos por la API de Google. • http://osvdb.org/97503 http://www.securityfocus.com/bid/62495 https://drupal.org/node/2092395 https://exchange.xforce.ibmcloud.com/vulnerabilities/87285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5937
https://notcve.org/view.php?id=CVE-2013-5937
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API. Vulnerabilidad CSRF en el módulo Click2Sell Suite v6.x-1.x para Drupal permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que eliminen información de la base de datos a través de vectores que involucran la API Drupal Form. • http://osvdb.org/97203 http://seclists.org/fulldisclosure/2013/Sep/64 http://www.openwall.com/lists/oss-security/2013/10/21/5 https://drupal.org/node/2087055 https://exchange.xforce.ibmcloud.com/vulnerabilities/87052 • CWE-352: Cross-Site Request Forgery (CSRF) •