CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2012-5544
https://notcve.org/view.php?id=CVE-2012-5544
The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard. El módulo Mandrill v7.x-1.x antes de v7.x-1.2 para Drupal permite a usuarios autenticados remotamente obtener enlaces de reinicio de contrañseña mediante la lectura de registros en el Mandrill dashboard. • http://drupal.org/node/1807894 http://drupal.org/node/1808846 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5549
https://notcve.org/view.php?id=CVE-2012-5549
Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo Time Spent module v6.x y v7.x para Drupal, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://drupal.org/node/1822066 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.6EPSS: 0%CPEs: 11EXPL: 0CVE-2012-5557
https://notcve.org/view.php?id=CVE-2012-5557
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password. El módulo User Read-Only v6.x-1.x antes de v6.x-1.4 y v7.x-1.x antes de v7.x-1.4 para Drupal no asigna roles adecuadamente cuando hay más de tres roles en el sitio y se dan algunas configuraciones no especificadas, lo que podría permitir a usuarios autenticados remotamente ganar privilegios a través de ciertas operaciones, como se demostró con un cambio de contraseña. • http://drupal.org/node/1840038 http://drupal.org/node/1840054 http://drupal.org/node/1840886 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0CVE-2012-5552
https://notcve.org/view.php?id=CVE-2012-5552
The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks." El módulo Password policy v6.x-1.x antes de v6.x-1.5 y v7.x-1.x antes de v7.x-1.3 para Drupal permite a atacantes remotos obtener resúmenes de contraseñas esnifando la red, relacionado con "verificación del historial de contraseñas del lado de cliente" • http://drupal.org/node/1828130 http://drupal.org/node/1828142 http://drupal.org/node/1828340 http://www.openwall.com/lists/oss-security/2012/11/20/4 http://www.securityfocus.com/bid/56350 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5542
https://notcve.org/view.php?id=CVE-2012-5542
Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests that enable or disable a Commerce extra panes pane via unspecified vectors related to "the link to reorder items." Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo Commerce Extra Panes v7.x-1.x antes de v7.x-1.1 para Drupal permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que activan o desactivan un panel Commerce extra panes a través de vectores no especificados relacionados con "el enlace a la reordenación de elementos" • http://drupal.org/node/1802192 http://drupal.org/node/1802258 http://osvdb.org/85892 http://secunia.com/advisories/50802 http://www.openwall.com/lists/oss-security/2012/11/20/4 http://www.securityfocus.com/bid/55776 https://exchange.xforce.ibmcloud.com/vulnerabilities/79025 • CWE-352: Cross-Site Request Forgery (CSRF) •