CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2012-2077
https://notcve.org/view.php?id=CVE-2012-2077
Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API." Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo de ShareThis v7.x-2.x antes v7.x-2.3 para Drupal permite a atacantes remotos secuestrar la autenticación de los usuarios con permisos de administración de "ShareThis" a través de vectores desconocidos "fuera de la API del formulario". • http://drupal.org/node/1504746 http://drupal.org/node/1506448 http://drupalcode.org/project/sharethis.git/commit/11f247a http://secunia.com/advisories/48598 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80681 http://www.securityfocus.com/bid/52778 https://exchange.xforce.ibmcloud.com/vulnerabilities/74518 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 2.1EPSS: 0%CPEs: 35EXPL: 2CVE-2012-2300
https://notcve.org/view.php?id=CVE-2012-2300
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo Ubercart v6.x-2.x antes de v6.x-2.8 y v7.x v3.x antes de v7.x-3.1 para Drupal permite inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con permisos de administración de clases de productos a través de vectores no especificados. • http://drupal.org/node/1547506 http://drupal.org/node/1547508 http://drupal.org/node/1547674 http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8 http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658 http://secunia.com/advisories/48935 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.securityfocus.com/bid/53251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 35EXPL: 2CVE-2012-2299
https://notcve.org/view.php?id=CVE-2012-2299
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. El módulo Ubercart v6.x-2.x antes de v6.x-2.8 y v7.x-v3.x antes de v7.x-3.1 para Drupal almacena las contraseñas para los nuevos clientes en el texto plano durante el pago, lo que permite a usuarios locales obtener información sensible mediante la lectura de la base de datos. • http://drupal.org/node/1547506 http://drupal.org/node/1547508 http://drupal.org/node/1547674 http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84 http://secunia.com/advisories/48935 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.securityfocus.com/bid/53251 • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2304
https://notcve.org/view.php?id=CVE-2012-2304
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors. El módulo Linkit v7.x-2.x antes de v7.x-2.3 para Drupal, cuando se utiliza un módulo de acceso a la entidad, no comprueba los permisos en la búsqueda de entidades, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://drupal.org/node/1547716 http://drupal.org/node/1547738 http://secunia.com/advisories/48900 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.osvdb.org/81557 http://www.securityfocus.com/bid/53253 https://exchange.xforce.ibmcloud.com/vulnerabilities/75183 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 2CVE-2012-2097
https://notcve.org/view.php?id=CVE-2012-2097
Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results to a node." Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo de guardado automático (AutoSave) v6.x antes de v6.x-2.10 y v7.x-2.x antes de v7.x-2.0 para Drupal permite a atacantes remotos secuestrar la autenticación de usuarios de su elección que realicen solicitudes que incluyan "el envío de resultados guardados a un nodo." • http://drupal.org/node/1525998 http://drupal.org/node/1528864 http://drupal.org/node/1528906 http://drupalcode.org/project/autosave.git/commitdiff/39f7fb0 http://drupalcode.org/project/autosave.git/commitdiff/f7bfd2d http://www.openwall.com/lists/oss-security/2012/04/11/4 http://www.openwall.com/lists/oss-security/2012/04/12/2 http://www.securityfocus.com/bid/52985 https://exchange.xforce.ibmcloud.com/vulnerabilities/74838 • CWE-352: Cross-Site Request Forgery (CSRF) •