Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-0783

Malware in sbrugna...

6.8CVSS6.4AI score0.02062EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-2289

Malware in sbrugna...

5CVSS6.4AI score0.01563EPSS
Exploits0References8
NVD
NVD
added 2012/07/25 9:55 p.m.15 views

CVE-2012-2296

The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...

5CVSS6.2AI score0.01563EPSS
Exploits0References7
Prion
Prion
added 2012/07/25 9:55 p.m.16 views

Design/Logic Flaw

The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...

5CVSS6.7AI score0.01563EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2012/07/25 9:0 p.m.24 views

CVE-2012-2296

The Janrain Engage formerly RPX module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability...

6.2AI score0.01563EPSS
Exploits0References7
CVE
CVE
added 2012/07/25 9:0 p.m.43 views

CVE-2012-2296

The CVE-2012-2296 issue affects the Janrain Engage (formerly RPX) Drupal module. It states that user profile data from Engage is stored in session tables (and also in the users table) for Drupal 6.x-1.x, 6.x-2.x prior to 6.x-2.2, and 7.x-2.x prior to 7.x-2.2, which could enable remote attackers t...

5CVSS6.4AI score0.01563EPSS
Exploits0References7Affected Software1
Drupal
Drupal
added 2012/04/04 12:0 a.m.23 views

SA-CONTRIB-2012-056 - Janrain Engage - Sensitive Data Protection Vulnerability

CVE: CVE-2012-2296 Using Janrain Engage, Drupal sites can authenticate new and existing users with popular social networks, map user profile data from these websites to Drupal fields, and share Drupal content with a user's friends on their social networks. The module permanently retains the...

5CVSS5.8AI score0.01563EPSS
Exploits0References10
NVD
NVD
added 2011/02/04 1:0 a.m.13 views

CVE-2011-0771

The Janrain Engage formerly RPX module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting XSS attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...

6.8CVSS6.1AI score0.02062EPSS
Exploits0References6
Prion
Prion
added 2011/02/04 1:0 a.m.13 views

Cross site scripting

The Janrain Engage formerly RPX module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting XSS attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...

6.8CVSS6.4AI score0.02062EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2011/02/04 12:0 a.m.18 views

CVE-2011-0771

The Janrain Engage formerly RPX module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting XSS attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...

6.1AI score0.02062EPSS
Exploits0References6
CVE
CVE
added 2011/02/04 12:0 a.m.34 views

CVE-2011-0771

The CVE-2011-0771 entry concerns the Drupal module Janrain Engage (RPX) 6.x-1.3, which fails to validate the avatar/profile image file. This vulnerability allows remote authenticated users to perform cross-site scripting (XSS) and potentially execute arbitrary PHP code by triggering a crafted ava...

6.8CVSS6.2AI score0.02062EPSS
Exploits0References6Affected Software1
Drupal
Drupal
added 2011/01/19 12:0 a.m.15 views

SA-CONTRIB-2011-003 - Janrain Engage (RPX) - Multiple Vulnerabilities

RPX recently renamed Janrain Engage is a service that acts as a middleman between a site and external login providers like Facebook, Yahoo, WindowsLive, etc. As part of this functionality it offers the ability to take a user's avatar on these services and download it for use as the user's profile...

6.9AI score
Exploits0References9
Rows per page
Query Builder