CVE-2012-2303
https://notcve.org/view.php?id=CVE-2012-2303
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.
References:
• http://drupal.org/node/1547730
• http://drupal.org/node/1547736
• http://drupalcode.org/project/spaces.git/commitdiff/cee919c
• http://secunia.com/advisories/48930
• http://www.openwall.com/lists/oss-security/2012/05/03/1
• http://www.openwall.com/lists/oss-security/2012/05/03/2
• http://www.osvdb.org/81556
• http://www.securityfocus.com/bid/53252
CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-2717
https://notcve.org/view.php?id=CVE-2012-2717
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options.
References:
• http://drupal.org/node/1169008
• http://drupal.org/node/1608828
• http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc
• http://osvdb.org/82410
• http://secunia.com/advisories/49318
• http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss
• http://www.openwall.com/lists/oss-security/2012/06/14/3
• http://www.securityfocus.com/bid/53734
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76002
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-3802
https://notcve.org/view.php?id=CVE-2012-3802
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.
References:
• http://drupal.org/node/1585648
• http://www.openwall.com/lists/oss-security/2012/06/14/3
• http://www.securityfocus.com/bid/53589
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75716
CVE-2012-2731
https://notcve.org/view.php?id=CVE-2012-2731
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
References:
• http://drupal.org/node/1619586
• http://drupal.org/node/1633048
• http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
• http://www.openwall.com/lists/oss-security/2012/06/14/3
• http://www.securityfocus.com/bid/53999
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76332
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-2715
https://notcve.org/view.php?id=CVE-2012-2715
Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links.
References:
• http://drupal.org/node/1608730
• http://drupal.org/node/1608780
• http://drupalcode.org/project/amadou.git/commitdiff/071ea83
• http://secunia.com/advisories/49328
• http://www.openwall.com/lists/oss-security/2012/06/14/3
• http://www.osvdb.org/82433
• http://www.securityfocus.com/bid/53732
• https://exchange.xforce.ibmcloud.com/vulnerabilities/75997
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')