EUVD-2012-5474

Malware in sbrugna...

EUVD-2012-4428

Malware in sbrugna...

CVE-2012-5587

Cross-site scripting XSS vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link...

CVE-2012-5588

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors...

CVE-2012-4499

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors...

CVE-2012-5588

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors...

CVE-2012-5587

CVE-2012-5587 is a Cross-site Scripting (XSS) vulnerability in the Drupal Email Field contributed module (6.x-1.x) prior to 6.x-1.3. The issue allows remote attackers to inject arbitrary web script or HTML via the mailto link output, affecting Drupal 6.x sites using that module. Core Drupal is no...

CVE-2012-5587

Cross-site scripting XSS vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link...

CVE-2012-5588

The CVE-2012-5588 entry concerns the Drupal Email Field module (6.x-1.x) before 6.x-1.3. When used with a field-permission module and the contact field formatter set to full or teaser, it fails to properly check permissions, potentially allowing remote attackers to email the stored address throug...

CVE-2012-5588

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors...

CVE-2012-4499

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors...

Code injection

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors...

CVE-2012-4499

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors...

CVE-2012-4499

The CVE-2012-4499 issue affects the Drupal Email Field module (versions 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.1). The vulnerability arises on the contact formatter page, allowing remote attackers to email the stored address in the entity via unspecified vectors. The impact is exposu...