NotCVE - vendor:"Drupal" product:"Drupal"

Page 86 of 723 results (0.015 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2012-2718

https://notcve.org/view.php?id=CVE-2012-2718

SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." Vulnerabilidad de inyección SQL en el módulo Counter para Drupal permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados relacionados con la "grabación de visitas". • http://drupal.org/node/1608854 http://osvdb.org/82527 http://www.securityfocus.com/bid/53736 https://exchange.xforce.ibmcloud.com/vulnerabilities/76004 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1

CVE-2012-2716

https://notcve.org/view.php?id=CVE-2012-2716

Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments. Una vulnerabilidad de falsificación de peticiones en sitios cruzados(CSRF) en el módulo 'Comment Moderation' v6.x-1.x antes de v6.x-1.1 para Drupal permite a atacantes remotos secuestrar la autentificación de los administradores en las solicitudes que publican comentarios. • http://drupal.org/node/1538768 http://drupal.org/node/1608822 http://drupalcode.org/project/comment_moderation.git/commitdiff/f18c3de http://osvdb.org/82434 http://secunia.com/advisories/49326 http://www.securityfocus.com/bid/53738 https://exchange.xforce.ibmcloud.com/vulnerabilities/75998 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 79EXPL: 2

CVE-2012-2922

https://notcve.org/view.php?id=CVE-2012-2922

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. La función request_path en includes/bootstrap.inc en Drupal v7.14 y anteriores, permite a atacantes remotos obtener información sensible a través del parámetro q[] sobre index.php, lo que revela el path de instalación en un mensaje de error. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0052.html http://archives.neohapsis.com/archives/bugtraq/2012-05/0053.html http://archives.neohapsis.com/archives/bugtraq/2012-05/0055.html http://osvdb.org/81817 http://secunia.com/advisories/49131 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.openwall.com/lists/oss-security/2012/08/02/8 http://www.securityfocus.com/bid/53454 https://exchange.xforce.ibmcloud.com/vulnerabilities/75531 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

CVE-2012-2339

https://notcve.org/view.php?id=CVE-2012-2339

Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Glosario ("Glossary") 6.x-1.x anteriores a la 6.x-1.8 de Drupal. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores sin especificar relacionados con información de taxonomías. • http://drupal.org/node/1568156 http://drupal.org/node/1569482 http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac http://secunia.com/advisories/49074 http://www.openwall.com/lists/oss-security/2012/05/10/6 http://www.openwall.com/lists/oss-security/2012/05/11/2 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.openwall.com/lists/oss-security/2012/06/15/6 http://www.securityfocus.com/bid/53440 https://exchange.xforce.ibmcloud. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2012-2340

https://notcve.org/view.php?id=CVE-2012-2340

The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors. El módulo Contact Forms v7.x-1.x y anteriores a v7.x-1.2 para Drupal no especifica permisos suficientemente restrictivos, lo que permite a usuarios remotos autenticados con "acceso al formulario de contacto" permiso para modificar los ajustes del módulo a través de no vectores no especificados. • http://drupal.org/node/1569352 http://drupal.org/node/1569508 http://drupalcode.org/project/contact_forms.git/commitdiff/d11ce2b http://secunia.com/advisories/49070 http://www.openwall.com/lists/oss-security/2012/05/10/6 http://www.openwall.com/lists/oss-security/2012/05/11/2 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.openwall.com/lists/oss-security/2012/06/15/6 http://www.securityfocus.com/bid/53441 • CWE-264: Permissions, Privileges, and Access Controls •

1...84 85 86 87 88