
7 matches found

Drupal
added 2013/02/13 12:0 a.m., 20 views

SA-CONTRIB-2013-016 - Banckle Chat - Access bypass - Unsupported

This module enables you to chat with the visitors of your web site. The module doesn't sufficiently check access to its admin pages. This vulnerability is not mitigated. CVE identifiers issued: CVE-2013-0318. Versions affected: All Banckle Chat 7.x-1.x versions. Drupal core is not affected. If you d...

CVSS 10, AI score 6.4, EPSS 0.02043
Exploits: 0, References: 8
Drupal
added 2012/11/28 12:0 a.m., 22 views

SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported)

The Webmail plus module is a full-featured email client for Drupal. It's designed to provide email for any or all members of a Drupal site. The module doesn't sufficiently sanitize user input as it is used in a database query. CVE: CVE-2012-5590. Versions affected: All Webmail Plus module versions...

CVSS 7.5, AI score 6.5, EPSS 0.0121
Exploits: 0, References: 8
Drupal
added 2012/07/11 12:0 a.m., 25 views

SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)

Colorbox Node gives the user the ability to display ANY page inside a colorbox modal without the header and footer. The module accepts some settings from URL parameters and didn't sufficiently validate them before printing them to the browser, allowing malicious users to inject script code into t...

CVSS 4.3, AI score 6.5, EPSS 0.01161
Exploits: 0, References: 10
Drupal
added 2012/03/28 12:0 a.m., 26 views

SA-CONTRIB-2012-047 - Ubercart Views - Information disclosure

CVE: CVE-2012-2074. Ubercart Views provides Views integration for the Ubercart shopping cart module, and includes default views that contain a critical information disclosure bug. In some versions, these views are disabled by default, but still disclose information if you enable them. Versions...

CVSS 5, AI score 6.1, EPSS 0.01563
Exploits: 0, References: 10
Drupal
added 2011/06/08 12:0 a.m., 15 views

SA-CONTRIB-2011-024 - Spam - Cross Site Request Forgery (CSFR)

The Spam module provides numerous tools to auto-detect and deal with spam content that is posted to your site, without having to rely on third-party services. The Spam module provides a trainable Bayesian filter, automatic learning of spammer URLs, flagging of content with an excessive number of...

AI score 6.7
Exploits: 0, References: 9
Drupal
added 2008/06/18 12:0 a.m., 14 views

SA-2008-037 - TrailScout - XSS and SQL injection

The TrailScout module displays a number of last visited pages as breadcrumbs. The module displays certain values without appropriate filtering. Malicious users with the permission to create posts are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cross sit...

AI score 7.7
Exploits: 0, References: 6
Drupal
added 2007/03/08 12:0 a.m., 11 views

Project issue tracking - Access bypass

If a remote user knows the node identifier of an issue that has been marked private using a node access module (simpleaccess, nodeprivacybyrole, etc.), they can use a specially crafted URL to view the contents of the node, regardless of their own privileges. All that is required is the "access proje...

AI score 7.2
Exploits: 0, References: 2