CVSS: 5.0EPSS: 0%CPEs: 36EXPL: 0CVE-2012-5652
https://notcve.org/view.php?id=CVE-2012-5652
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. Drupal v6.x antes de v6.27 permite a atacantes remotos obtener información sensible acerca de los archivos subidos a través de un (1) feed RSS o (2) resultados de búsqueda. • http://drupal.org/SA-CORE-2012-004 http://drupalcode.org/project/drupal.git/commitdiff/da8023a http://osvdb.org/88527 http://secunia.com/advisories/51517 http://www.debian.org/security/2013/dsa-2776 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.securityfocus.com/bid/56993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80794 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0CVE-2012-5654
https://notcve.org/view.php?id=CVE-2012-5654
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sensitive information by reading the (1) description, (2) dc.description or (3) og:description meta tags. El módulo Nodewords: D6 Meta Tags antes de v6.x-1.14 para Drupal, cuando se configura para generar automáticamente las etiquetas meta descripción de texto del nodo, no filtra correctamente el contenido del nodo al crear las etiquetas, lo que podría permitir a atacantes remotos obtener información sensible mediante la lectura de las etiquetas (1) description, (2) dc.description o (3) og:description • http://drupal.org/node/1859208 http://drupal.org/node/1859282 http://www.openwall.com/lists/oss-security/2012/12/20/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 1%CPEs: 72EXPL: 2CVE-2012-5653
https://notcve.org/view.php?id=CVE-2012-5653
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name. La característica de carga de archivos en Drupal v6.x antes de v6.27 y v7.x antes de v7.18 permite a usuarios remotos autenticados eludir el mecanismo de protección y ejecutar código PHP arbitrario a través de un byte nulo en un nombre de archivo. • http://drupal.org/SA-CORE-2012-004 http://drupalcode.org/project/drupal.git/commitdiff/b47f95d http://drupalcode.org/project/drupal.git/commitdiff/da8023a http://osvdb.org/88529 http://www.debian.org/security/2013/dsa-2776 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.securityfocus.com/bid/56993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80795 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-5590
https://notcve.org/view.php?id=CVE-2012-5590
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo Webmail Plus para Drupal permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://drupal.org/node/1853268 http://www.openwall.com/lists/oss-security/2012/11/29/2 http://www.securityfocus.com/bid/56720 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2012-5591
https://notcve.org/view.php?id=CVE-2012-5591
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo de Zero Point v6.x-1.x antes de v6.x-1.18 y v7.x-1.x antes de v7.x-1.4 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los alias de ruta. • http://drupal.org/node/1853350 http://drupal.org/node/1853358 http://drupal.org/node/1853376 http://www.openwall.com/lists/oss-security/2012/11/29/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •