
CVSS: 3.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished nodes via a direct request.

• http://drupal.org/node/1662724
• http://drupal.org/node/1679466
• http://www.openwall.com/lists/oss-security/2012/10/04/3
• http://www.securityfocus.com/bid/54407
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 30 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO.

• http://drupal.org/node/1515060
• http://drupal.org/node/1515076
• http://drupal.org/node/1515722
• http://drupalcode.org/project/print.git/commit/30480e0
• http://drupalcode.org/project/print.git/commit/6771c3f
• http://secunia.com/advisories/48625
• http://www.openwall.com/lists/oss-security/2012/04/07/1
• http://www.securityfocus.com/bid/52896
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74611
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 | EPSS: 0% | CPEs: 31 | EXPL: 0

Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."

• http://drupal.org/node/1815904
• http://drupal.org/node/1815912
• http://drupalcode.org/project/drupal.git/commit/b912710
• http://www.openwall.com/lists/oss-security/2012/10/29/4
• http://www.openwall.com/lists/oss-security/2012/10/30/5
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 19% | CPEs: 31 | EXPL: 0

The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.

• http://drupal.org/node/1815912
• http://drupalcode.org/project/drupal.git/commit/b912710
• http://www.openwall.com/lists/oss-security/2012/10/29/4
• http://www.openwall.com/lists/oss-security/2012/10/30/5
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.8 | EPSS: 0% | CPEs: 5 | EXPL: 1

Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter.

• http://drupal.org/node/1700594
• http://drupalcode.org/project/securelogin.git/commitdiff/88518df
• http://www.openwall.com/lists/oss-security/2012/10/04/6
• http://www.openwall.com/lists/oss-security/2012/10/07/1
• http://www.securityfocus.com/bid/54675
• https://drupal.org/node/1692976
• https://drupal.org/node/1698988
• CWE-20: Improper Input Validation