Lucene search
K

8 matches found

RustSec
RustSec
added 2026/02/19 12:0 p.m.10 views

`rpc-check` was removed from crates.io for malicious code

It was attempting to steal credentials from the POLYMARKETPRIVATEKEY environment variable. The malicious crate had 3 versions published on 2026-02-15 and had been downloaded only 155 times. There were no crates depending on this crate on crates.io. Thanks to Sisong Li for finding and reporting th...

5.5AI score
Exploits0
Packet Storm
Packet Storm
added 2019/02/21 12:0 a.m.175 views

Drupal Pubdlcnt 7.x-1.2 Open Redirection

Exploit Title : Drupal Pubdlcnt Modules 7.x-1.2 Public Download Count Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/02/2019 Vendor Homepage : drupal.org Software Download Links : ftp.drupal.org/files/projects/pubdlcnt-7.x-1.3.tar.gz...

7.4AI score
Exploits0
CNVD
CNVD
added 2017/06/09 12:0 a.m.2 views

Drupal Public Download Count Module Open Redirect Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An open redirect vulnerability exists in the Drupal Public Download Count module. Allow attackers to exploit the vulnerability to allow users to access malicious websites,...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2015/04/23 12:0 a.m.3 views

Drupal Public Download Count Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Public Download Count module. This vulnerability allows attackers to inject arbitrary web script or HTML...

3.5CVSS6.1AI score0.00965EPSS
Exploits0References1
Prion
Prion
added 2015/04/21 6:59 p.m.9 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Download counts report page in the Public Download Count module pubdlcnt 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.7AI score0.00965EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/04/21 6:0 p.m.12 views

CVE-2015-3389

Cross-site scripting XSS vulnerability in the Download counts report page in the Public Download Count module pubdlcnt 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

5.3AI score0.00965EPSS
Exploits0References4
Drupal
Drupal
added 2015/02/04 12:0 a.m.17 views

SA-CONTRIB-2015-036 - Public Download Count - Cross Site Scripting (XSS) - Unsupported

Public Download Count module keeps track of file download counts. The module doesn't sufficiently sanitize user supplied text in the Download counts report page thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role wit...

3.5CVSS6AI score0.00965EPSS
Exploits0References9
Drupal
Drupal
added 2011/06/22 12:0 a.m.11 views

SA-CONTRIB-2011-025 - Juitter & Download Count - Cross Site Scripting (XSS)

Two modules are being unsupported due to cross site scripting issues. The Juitter module enables you to use Juitter, a jQuery plugin, to put live Twitter search results on your site. The Juitter module contains a cross site scripting XSS vulnerability that can be exploited when setting up the...

5.8AI score
Exploits0References10
Rows per page
Query Builder