Total
721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4499 | 2 Drupal, Matthias Hutterer | 2 Drupal, Email | 2012-11-01 | 5.0 MEDIUM | N/A |
| The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. | |||||
| CVE-2012-2069 | 2 Drupal, Mclewin | 2 Drupal, Wishlist | 2012-10-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters. | |||||
| CVE-2012-1627 | 2 Drupal, Marvil07 | 2 Drupal, Vote Up Down | 2012-10-15 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. | |||||
| CVE-2010-5276 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2012-10-08 | 4.3 MEDIUM | N/A |
| The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." | |||||
| CVE-2012-1623 | 2 Aidanlister, Drupal | 2 Regcode, Drupal | 2012-10-08 | 5.0 MEDIUM | N/A |
| The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. | |||||
| CVE-2010-5275 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2012-10-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1636 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2012-10-02 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors. | |||||
| CVE-2012-5233 | 2 Drupal, Luke Herrington | 2 Drupal, Stickynote | 2012-10-02 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs. | |||||
| CVE-2012-1638 | 2 Dominique Clause, Drupal | 2 Search Autocomplete, Drupal | 2012-09-21 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5007 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2012-09-20 | 5.0 MEDIUM | N/A |
| The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-1625 | 2 Drupal, Wizonesolutions | 2 Drupal, Fillpdf | 2012-09-20 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. NOTE: Some of these details are obtained from third party information. | |||||
| CVE-2012-1632 | 2 Drupal, Erik Webb | 2 Drupal, Password Policy | 2012-09-20 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2012-1651 | 2 Drupal, Thinkleft | 2 Drupal, Submenu Tree | 2012-09-20 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2056 | 2 Drupal, Nathan Brink | 2 Drupal, Content Lock | 2012-09-18 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-2306 | 2 Drupal, Willem Van Der Plaat | 2 Drupal, Addressbook | 2012-09-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-2064 | 2 Drupal, Mark Theunissen | 2 Drupal, Views Lang Switch | 2012-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2012-2065 | 2 Drupal, Freso | 2 Drupal, Languageicons | 2012-09-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-2083 | 2 Drupal, Fusiondrupalthemes | 2 Drupal, Fusion | 2012-09-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2012-2116 | 2 Commerceguys, Drupal | 2 Commerce Reorder, Drupal | 2012-09-04 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. | |||||
| CVE-2012-1642 | 2 Drupal, Yaml-fuer-drupal | 2 Drupal, Linkchecker | 2012-08-29 | 5.0 MEDIUM | N/A |
| includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||