8 matches found
`rpc-check` was removed from crates.io for malicious code
It was attempting to steal credentials from the POLYMARKETPRIVATEKEY environment variable. The malicious crate had 3 versions published on 2026-02-15 and had been downloaded only 155 times. There were no crates depending on this crate on crates.io. Thanks to Sisong Li for finding and reporting th...
Drupal Pubdlcnt 7.x-1.2 Open Redirection
Exploit Title : Drupal Pubdlcnt Modules 7.x-1.2 Public Download Count Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/02/2019 Vendor Homepage : drupal.org Software Download Links : ftp.drupal.org/files/projects/pubdlcnt-7.x-1.3.tar.gz...
Drupal Public Download Count Module Open Redirect Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An open redirect vulnerability exists in the Drupal Public Download Count module. Attackers can exploit the vulnerability to cause users to access malicious websites,...
Drupal Public Download Count Module Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Public Download Count module. This vulnerability allows attackers to inject arbitrary web script or HTML...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-3389
Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
SA-CONTRIB-2015-036 - Public Download Count - Cross Site Scripting (XSS) - Unsupported
Public Download Count module keeps track of file download counts. The module doesn't sufficiently sanitize user supplied text in the Download counts report page thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role wit...
SA-CONTRIB-2011-025 - Juitter & Download Count - Cross Site Scripting (XSS)
Two modules are being unsupported due to cross site scripting issues. The Juitter module enables you to use Juitter, a jQuery plugin, to put live Twitter search results on your site. The Juitter module contains a cross site scripting (XSS) vulnerability that can be exploited when setting up the...