CVE-2012-4498
https://notcve.org/view.php?id=CVE-2012-4498
The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact.
• http://drupal.org/node/1762152 http://drupal.org/node/1762160 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-4487
https://notcve.org/view.php?id=CVE-2012-4487
The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created.
• http://drupal.org/node/1700550 http://drupal.org/node/1700584 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-4493
https://notcve.org/view.php?id=CVE-2012-4493
Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors.
• http://drupal.org/node/1713378 http://drupal.org/node/1719402 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4497
https://notcve.org/view.php?id=CVE-2012-4497
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.
• http://drupal.org/node/1722880 http://drupal.org/node/1733056 http://drupalcode.org/project/elegant_theme.git/commitdiff/bdea7b1 http://secunia.com/advisories/50273 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/55043
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-5704
https://notcve.org/view.php?id=CVE-2012-5704
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself.
• http://drupal.org/node/1732828 http://drupal.org/node/1732946 http://www.madirish.net/543 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1
• CWE-399: Resource Management Errors