CVSS: 5.0EPSS: 0%CPEs: 70EXPL: 0CVE-2012-5651
https://notcve.org/view.php?id=CVE-2012-5651
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. Drupal v6.x antes de v6.27 y v7.x antes de v7.18 muestra información a los usuarios bloqueados, lo que podría permitir a atacantes remotos obtener información sensible mediante la lectura de los resultados de búsqueda. • http://drupal.org/SA-CORE-2012-004 http://drupalcode.org/project/drupal.git/commitdiff/b47f95d http://drupalcode.org/project/drupal.git/commitdiff/da8023a http://www.debian.org/security/2013/dsa-2776 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.osvdb.org/88528 http://www.securityfocus.com/bid/56993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80792 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.0EPSS: 1%CPEs: 72EXPL: 2CVE-2012-5653
https://notcve.org/view.php?id=CVE-2012-5653
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name. La característica de carga de archivos en Drupal v6.x antes de v6.27 y v7.x antes de v7.18 permite a usuarios remotos autenticados eludir el mecanismo de protección y ejecutar código PHP arbitrario a través de un byte nulo en un nombre de archivo. • http://drupal.org/SA-CORE-2012-004 http://drupalcode.org/project/drupal.git/commitdiff/b47f95d http://drupalcode.org/project/drupal.git/commitdiff/da8023a http://osvdb.org/88529 http://www.debian.org/security/2013/dsa-2776 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.securityfocus.com/bid/56993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80795 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2012-5591
https://notcve.org/view.php?id=CVE-2012-5591
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo de Zero Point v6.x-1.x antes de v6.x-1.18 y v7.x-1.x antes de v7.x-1.4 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los alias de ruta. • http://drupal.org/node/1853350 http://drupal.org/node/1853358 http://drupal.org/node/1853376 http://www.openwall.com/lists/oss-security/2012/11/29/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0CVE-2012-5552
https://notcve.org/view.php?id=CVE-2012-5552
The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks." El módulo Password policy v6.x-1.x antes de v6.x-1.5 y v7.x-1.x antes de v7.x-1.3 para Drupal permite a atacantes remotos obtener resúmenes de contraseñas esnifando la red, relacionado con "verificación del historial de contraseñas del lado de cliente" • http://drupal.org/node/1828130 http://drupal.org/node/1828142 http://drupal.org/node/1828340 http://www.openwall.com/lists/oss-security/2012/11/20/4 http://www.securityfocus.com/bid/56350 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0CVE-2012-5538
https://notcve.org/view.php?id=CVE-2012-5538
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo FileField v6.x-1.x antes de v6.x-1.6 y v7.x-1.x antes de v7.x-1.6 para Drupal, cuando el campo tiene fuente "Referencia existente" activado, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del nombre de archivo de un archivo cargado. • http://drupal.org/node/1789300 http://drupal.org/node/1789302 http://drupal.org/node/1789306 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •