CVSS: 6.0EPSS: 1%CPEs: 84EXPL: 1CVE-2012-1641
https://notcve.org/view.php?id=CVE-2012-1641
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. La función finder_import en el módulo Finder v6.x-1.x anterior a v6.x-1.26, v7.x-1.x, y v7.x-2.x anterior a v7.x-2.0-alpha8 para Drupal permite a usuarios remotos autenticados con permisos de administración del finder ejecutar código PHP arbitrario a través de admin/build/finder/import. • http://drupal.org/node/1432318 http://drupal.org/node/1432320 http://drupalcode.org/project/finder.git/commit/bc0cc82 http://secunia.com/advisories/47915 http://secunia.com/advisories/47943 http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities http://www.openwall.com/lists/oss-security/2012/03/16/9 http://www.openwall.com/lists/oss-security/2012/03/19/9 http://www.openwall.com/lists/oss-security/2012/04/07/1 http:/&#x • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2012-1642
https://notcve.org/view.php?id=CVE-2012-1642
includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors. includes/linkchecker.pages.inc en el módulo Link checker v6.x-2.x anterior a v6.x-2.5 para Drupal no aplica correctamente los permisos de acceso a enlaces rotos, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://drupal.org/node/1440508 http://drupalcode.org/project/linkchecker.git/commit/fef0ddf http://secunia.com/advisories/48022 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79315 https://drupal.org/node/1441252 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2012-1645
https://notcve.org/view.php?id=CVE-2012-1645
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php. El módulo CDN v6.x-2.2 y v7.x-2.2 para Drupal, cuando está en ejecución en modo Origin Pull con la opción "Far Future expiration" habilitada, permite a atacantes remotos leer ficheros PHP de su elección a través de vectores no especificados, como se ha demostrado leyendo settings.php. • http://drupal.org/node/1441480 http://drupal.org/node/1441482 http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff http://drupalcode.org/project/cdn.git/commitdiff/eca85e6 http://secunia.com/advisories/48032 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79317 https://drupal.org/node/1441502 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2297
https://notcve.org/view.php?id=CVE-2012-2297
Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo Creative Commons v6.x-1.x y anteriores a v6.x-1.1 para Drupal que permite a usuarios remotos autenticados con permisos de administración (creative commons) inyectar código web o HTML arbitrario a través del parámetro (1) creativecommons_user_message o (2) creativecommons_site_license_additional_text. • http://drupal.org/node/1547478 http://drupal.org/node/1547520 http://secunia.com/advisories/48937 http://www.madirish.net/content/drupal-creative-commons-6x-10-xss-vulnerability http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.securityfocus.com/bid/53248 https://exchange.xforce.ibmcloud.com/vulnerabilities/75180 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2072
https://notcve.org/view.php?id=CVE-2012-2072
Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo "Share Buttons" (AddToAny) v6.x-3.x antes de v6.x-3.4 para Drupal permite inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con permiso para administrar AddToAny a través de vectores no especificados. • http://drupal.org/node/1083664 http://drupal.org/node/1506412 http://osvdb.org/80675 http://secunia.com/advisories/48615 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52777 https://exchange.xforce.ibmcloud.com/vulnerabilities/74469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •