CVSS: 7.5EPSS: 0%CPEs: 39EXPL: 0CVE-2015-7875
https://notcve.org/view.php?id=CVE-2015-7875
07 Aug 2017 — ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page. ctools 6.x-1.x en versiones anteriores a la 6.x-1.14 y 7.x-1.x en versiones anteriores a la 7.x-1.8 en Drupal no verifica el permiso "edit" para los plugins "content type" que se utilizan en Panels y sistemas similares para colocar contenido y funcionalidades en una página. • http://www.openwall.com/lists/oss-security/2015/10/21/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 78EXPL: 0CVE-2015-6665 – Debian Security Advisory 3346-1
https://notcve.org/view.php?id=CVE-2015-6665
24 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag. Vulnerabilidad de XSS en el manejador Ajax en Drupal 7.x en versiones anteriores a la 7.39 y el módulo Ctools 6.x-1.x en versiones anteriores a 6.x-1.14 para Drupal, permite a atacantes remotos inyectar secuencias de coman... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2015-4398
https://notcve.org/view.php?id=CVE-2015-4398
16 Jun 2015 — Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors involving processing confirmation delete pages. Vulnerabilidad de redirección abierta en el módulo Chaos tool suite (ctools) anterior a 6.x-1.12 y 7.x-1.x anterior a 7.x-1.7 para Drupal permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar... • http://www.openwall.com/lists/oss-security/2015/03/22/35 •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2015-4375
https://notcve.org/view.php?id=CVE-2015-4375
15 Jun 2015 — The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity. El módulo Chaos tool suite (ctools) 7.x-1.x anterior a 7.x-1.7 para Drupal permite a atacantes remotos obtener títulos de nodos a través (1) de una búsqueda de autocompletado en entidades personalizadas sin indicador de consulta de acceso o (2) del aprove... • http://www.openwall.com/lists/oss-security/2015/03/22/35 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1925
https://notcve.org/view.php?id=CVE-2013-1925
16 Jul 2013 — The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list. El módulo Chaos Tool Suite (ctools) 7.x-1.x anterior a 7.x-1.3 para Drupal no restringe adecuadamente el acceso a los nodos, lo que permite a usuarios autenticados remotamente con permisos de "acceso al contenido" la lectura de nodos restringidos a través de una list... • http://osvdb.org/91986 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2012-2082
https://notcve.org/view.php?id=CVE-2012-2082
14 Aug 2012 — Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el modulo para Drupal la Chaos tool suite (alias ctools) v7.x-1.x antes de v7.x-1.0 permite inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con el permiso de publica... • http://drupal.org/node/1507412 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •