CVSS: 5.0EPSS: 0%CPEs: 70EXPL: 0CVE-2012-5651
https://notcve.org/view.php?id=CVE-2012-5651
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. Drupal v6.x antes de v6.27 y v7.x antes de v7.18 muestra información a los usuarios bloqueados, lo que podría permitir a atacantes remotos obtener información sensible mediante la lectura de los resultados de búsqueda. • http://drupal.org/SA-CORE-2012-004 http://drupalcode.org/project/drupal.git/commitdiff/b47f95d http://drupalcode.org/project/drupal.git/commitdiff/da8023a http://www.debian.org/security/2013/dsa-2776 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.osvdb.org/88528 http://www.securityfocus.com/bid/56993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80792 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 1CVE-2012-5655
https://notcve.org/view.php?id=CVE-2012-5655
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request. El módulo Context v6.x-3.x antes de v6.x-3.1 y v7.x-3.x antes de v7.x-3.0-beta6 para Drupal no restringe adecuadamente el acceso para bloquear el contenido, lo que permite a atacantes remotos obtener información sensible a través de una petición modificada. • http://drupal.org/node/1870550 http://drupalcode.org/project/context.git/commitdiff/4452bf1 http://drupalcode.org/project/context.git/commitdiff/d8bf8b6 http://secunia.com/advisories/51517 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.securityfocus.com/bid/56993 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 36EXPL: 0CVE-2012-5652
https://notcve.org/view.php?id=CVE-2012-5652
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. Drupal v6.x antes de v6.27 permite a atacantes remotos obtener información sensible acerca de los archivos subidos a través de un (1) feed RSS o (2) resultados de búsqueda. • http://drupal.org/SA-CORE-2012-004 http://drupalcode.org/project/drupal.git/commitdiff/da8023a http://osvdb.org/88527 http://secunia.com/advisories/51517 http://www.debian.org/security/2013/dsa-2776 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.securityfocus.com/bid/56993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80794 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0CVE-2012-5654
https://notcve.org/view.php?id=CVE-2012-5654
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags. El módulo Nodewords: D6 Meta Tags antes de v6.x-1.14 para Drupal, cuando se configura para generar automáticamente las etiquetas meta descripción de texto del nodo, no filtra correctamente el contenido del nodo al crear las etiquetas, lo que podría permitir a atacantes remotos obtener información sensible mediante la lectura de las etiquetas (1) description, (2) dc.description o (3) og:description • http://drupal.org/node/1859208 http://drupal.org/node/1859282 http://www.openwall.com/lists/oss-security/2012/12/20/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 1%CPEs: 72EXPL: 2CVE-2012-5653
https://notcve.org/view.php?id=CVE-2012-5653
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name. La característica de carga de archivos en Drupal v6.x antes de v6.27 y v7.x antes de v7.18 permite a usuarios remotos autenticados eludir el mecanismo de protección y ejecutar código PHP arbitrario a través de un byte nulo en un nombre de archivo. • http://drupal.org/SA-CORE-2012-004 http://drupalcode.org/project/drupal.git/commitdiff/b47f95d http://drupalcode.org/project/drupal.git/commitdiff/da8023a http://osvdb.org/88529 http://www.debian.org/security/2013/dsa-2776 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.securityfocus.com/bid/56993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80795 • CWE-20: Improper Input Validation •