261221
|
- |
|
ricky_morse
|
excluded_users
|
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4490
|
2013-03-2 13:45 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261222
|
- |
|
earl_dunovant
|
monthly_archive_by_node_type
|
The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4491
|
2013-03-2 13:45 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261223
|
- |
|
isaac_sukin
|
shorten
|
Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions …
|
CWE-79
Cross-site Scripting
|
CVE-2012-4492
|
2013-03-2 13:45 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261224
|
- |
|
mime_mail_module_project
|
mimemail
|
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary f…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4495
|
2013-03-2 13:45 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261225
|
- |
|
nancy_wichmann
|
announcements
|
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unsp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4500
|
2013-03-2 13:45 |
2012-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261226
|
- |
|
pizzashack
|
rssh
|
rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3478
|
2013-03-2 13:44 |
2012-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261227
|
- |
|
justsystems
|
atok
|
The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4016
|
2013-03-2 13:44 |
2012-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261228
|
- |
|
jb\+
|
jigbrowser\+
|
The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
|
CWE-94
Code Injection
|
CVE-2012-4017
|
2013-03-2 13:44 |
2012-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261229
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4020
|
2013-03-2 13:44 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
261230
|
- |
|
mosp
|
kintai_kanri
|
MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information …
|
CWE-287
Improper Authentication
|
CVE-2012-4021
|
2013-03-2 13:44 |
2012-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|