CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2010-5276
https://notcve.org/view.php?id=CVE-2010-5276
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." El módulo Memcache v5.x antes de v5.x-1.10 y v6.x antes de v6.x-1.6 para Drupal, no maneja adecuadamente el objeto $user en memcache_admin, lo que puede "conducir a un cambio de rol no reconocido hasta que el usuario se conecta de nuevo." • http://drupal.org/node/926478 http://drupal.org/node/927016 http://secunia.com/advisories/41663 http://www.vupen.com/english/advisories/2010/2543 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2010-5275
https://notcve.org/view.php?id=CVE-2010-5275
Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en memcache_admin en el módulo Memcache v5.x antes de v5.x-1.10 y v6.x antes de v6.x-1.6 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/926478 http://drupal.org/node/927016 http://secunia.com/advisories/41663 http://www.vupen.com/english/advisories/2010/2543 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2010-5277
https://notcve.org/view.php?id=CVE-2010-5277
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors. Vulnerabilidad no especificada en el módulo Views Bulk Operations v6 antes de v6.x-1.10 para Drupal, permite a usuarios remotos autenticados con permisos de administración de usuario evitar restricciones de acceso y eliminar usuarios anónimos (usuarios 0) a través de vectores no especificados. • http://drupal.org/node/933596 http://drupal.org/node/933960 http://secunia.com/advisories/41696 http://www.securityfocus.com/bid/43813 https://exchange.xforce.ibmcloud.com/vulnerabilities/62316 •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1624
https://notcve.org/view.php?id=CVE-2012-1624
Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo Lingotek v6.x-1.x anteriores a v6.x-1.40 para Drupal, permite a atacantes remotos inyectar secuencias de comandos Web o HTML cuando (1) crea o (2) edita el contenido de la página. • http://drupal.org/node/1394220 http://drupal.org/node/1394412 http://secunia.com/advisories/47453 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/78185 http://www.securityfocus.com/bid/51272 https://exchange.xforce.ibmcloud.com/vulnerabilities/72151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1CVE-2012-1634
https://notcve.org/view.php?id=CVE-2012-1634
Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en video_filter.codecs.inc en el módulo Video Filter v6.x-2.x y v7.x-2.x para Drupal, permite a atacantes remotos a inyectar secuencias de comandos Web o HTML a través del parámetro EMBEDLOOKUP sobre enlaces Blip.tv. • http://drupal.org/node/1401838 http://drupalcode.org/project/video_filter.git/commit/49680a6 http://drupalcode.org/project/video_filter.git/commit/c90c86e http://justin.madirish.net/content/drupal-video-filter-6x-28-xss-vulnerability http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/51381 https://exchange.xforce.ibmcloud.com/vulnerabilities/72359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •