CVE-2011-4113
https://notcve.org/view.php?id=CVE-2011-4113
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments." Vulnerabilidad de inyección SQL en el módulo Views antes de v6.x-2.13 para Drupal permite a atacantes remotos ejecutar comandos SQL a través de vectores relacionados con "filtros o argumentos en ciertos tipos de vistas con configuraciones específicas de los argumentos." • http://drupal.org/node/1329842 http://drupal.org/node/1329898 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069499.html http://secunia.com/advisories/46680 http://secunia.com/advisories/46962 http://www.openwall.com/lists/oss-security/2011/11/04/3 http://www.osvdb.org/76809 http://www.securityfocus.com/bid/50500 https://exchange.xforce.ibmcloud.com/vulnerabilities/71124 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-0914
https://notcve.org/view.php?id=CVE-2012-0914
Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title. Vulnerbilidad de ejecución de secuencias de comandos web en sitios cruzados (XSS) en display_renderers/panels_renderer_editor.class.php en la vista de administración en el módulo Panels v6.x-2.x anterior a v6.x-3.10 y v7.x-3.x anterior v7.x-3.0 para Drupal permite a usuarios autenticados de forma remota con ciertos privilegios inyectar código web script de su elección o HTML a través del 'title' Region. • http://drupal.org/node/1409436 http://drupal.org/node/1409446 http://drupal.org/node/1409448 http://drupalcode.org/project/panels.git/commit/2066d59 http://drupalcode.org/project/panels.git/commit/d844942 http://osvdb.org/78367 http://secunia.com/advisories/47649 http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability http://www.securityfocus.com/bid/51568 https://exchange.xforce.ibmcloud.com/vulnerabilities/72549 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4520
https://notcve.org/view.php?id=CVE-2010-4520
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el módulo Views v6.x anterior v6.x-2.11 para Drupal permite a atacantes remotos inyectar código web o HTML de su elección a través del título (1) una URL o (2)un título aggregator • http://drupal.org/node/829840 http://www.openwall.com/lists/oss-security/2010/12/16/7 http://www.openwall.com/lists/oss-security/2010/12/22/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4521
https://notcve.org/view.php?id=CVE-2010-4521
Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Views v6.x anterior v6.x-2.12 para Drupal permite a atacantes remotos inyectar código web y HTML de su elección a través de la ruta de página. • http://drupal.org/node/999380 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052802.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052814.html http://www.openwall.com/lists/oss-security/2010/12/16/7 http://www.openwall.com/lists/oss-security/2010/12/22/1 http://www.vupen.com/english/advisories/2011/0011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4519
https://notcve.org/view.php?id=CVE-2010-4519
Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la implementación de Views UI en el módulo Views v5.x anterior v5.x-1.8 y v6.x anterior v6.x-2.11 para Drupal permite a atacantes remotos secuestar la autenticación de administradores para peticiones que (1) activa todas las Views (2) inactiva todas Views. • http://drupal.org/node/829840 http://www.openwall.com/lists/oss-security/2010/12/16/7 http://www.openwall.com/lists/oss-security/2010/12/22/1 • CWE-352: Cross-Site Request Forgery (CSRF) •