
CVSS: 7.5 | EPSS: 1% | CPEs: 18 | EXPL: 0

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385
• http://drupal.org/node/1204582
• http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.html
• http://secunia.com/advisories/45081
• http://secunia.com/advisories/45291
• http://www.openwall.com/lists/oss-security/2011/07/11/2
• http://www.openwall.com/lists/oss-security/2011/07/12/16
• http://www.securityfocus.com/bid/48505
• https:
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 3.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
• http://drupal.org/node/968176
• http://osvdb.org/69145
• http://secunia.com/advisories/42168
• http://www.securityfocus.com/bid/44780
• https://exchange.xforce.ibmcloud.com/vulnerabilities/63203
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 21 | EXPL: 0

SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
• http://drupal.org/node/1111174
• http://secunia.com/advisories/43950
• http://www.securityfocus.com/bid/47098
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66476
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
• http://drupal.org/files/issues/db_rewrite_sql_12.patch
• http://drupal.org/node/1080114
• http://drupal.org/node/1118408
• http://secunia.com/advisories/44046
• http://www.securityfocus.com/bid/47238
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66604
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 0% | CPEs: 21 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://drupal.org/node/1111174
• http://secunia.com/advisories/43950
• http://www.securityfocus.com/bid/47098
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66475
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')