CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2729
https://notcve.org/view.php?id=CVE-2012-2729
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF)en el módulo SimpleMeta v6.x-1.x anteriores a v6.x-2.0 para Drupal, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones de (1) borrado o (2) añadir una entrada "meta tag". • http://drupal.org/node/1534874 http://drupal.org/node/1632908 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53997 https://exchange.xforce.ibmcloud.com/vulnerabilities/76344 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 3%CPEs: 9EXPL: 1CVE-2012-2721
https://notcve.org/view.php?id=CVE-2012-2721
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. La vista por defecto en el módulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal no comprueba de forma adecuada los permisos cuando todos los usuario tienen eliminado el permiso de acceso al contenido (access content), lo que permite a atacantes remotos evitar los restricciones y posiblemente tenga otros impactos no determinados. • http://drupal.org/node/1619736 http://drupal.org/node/1619810 http://drupalcode.org/project/og.git/commitdiff/1485708 http://secunia.com/advisories/49397 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82728 http://www.securityfocus.com/bid/53838 https://exchange.xforce.ibmcloud.com/vulnerabilities/76150 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0CVE-2012-2705
https://notcve.org/view.php?id=CVE-2012-2705
The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. La función filter_titles en el módulo Smart Breadcrumb v6.x-1.x anterior a v6.x-1.3 para Drupal no convierte correctamente un título a texto sin formato, permitiendo a usuarios remotos autenticados crear o editar los permisos de los nodos para realizar ataques XSS a través del parámetro title. • http://drupal.org/node/1568216 http://drupal.org/node/1585564 http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a http://secunia.com/advisories/49163 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82006 http://www.securityfocus.com/bid/53592 https://exchange.xforce.ibmcloud.com/vulnerabilities/75713 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 1CVE-2012-2728
https://notcve.org/view.php?id=CVE-2012-2728
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF)en él módulo Node Hierarchy v6.x-1.x anteriores v6.x-1.5 para Drupal, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones de cambio de la posición del nodo en la estructura a través de una acción (1) subir o (2) bajar. • http://drupal.org/node/1632432 http://drupal.org/node/1632900 http://drupalcode.org/project/nodehierarchy.git/commitdiff/8b4b3f5 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53993 https://exchange.xforce.ibmcloud.com/vulnerabilities/76345 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2010-2021
https://notcve.org/view.php?id=CVE-2010-2021
Open redirect vulnerability in the Global Redirect module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, when non-clean to clean is enabled, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. Vulnerabilidad de redirección abierta en el módulo Global Redirect v6.x-1.x anteriores a v6.x-1.4 y v7.x-1.x anteriores a v7.x-1.4 para Drupal, cuando «non-clean to clean» está activado, permite a atacantes remotos redireccionar a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de de una URL en el parámetro q. • http://drupal.org/node/1633054 http://drupal.org/node/768244 http://secunia.com/advisories/49523 http://www.madirish.net/?article=460 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82959 http://www.securityfocus.com/bid/54002 https://drupal.org/node/1378116 https://drupal.org/node/1378118 https://exchange.xforce.ibmcloud.com/vulnerabilities/76293 • CWE-20: Improper Input Validation •