|
261401
|
- |
|
privatemsg_project
|
privatemsg
|
Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4468
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261402
|
- |
|
philip_ludlam
|
listhandler
|
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4470
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261403
|
- |
|
dominique_clause
|
search_autocomplete
|
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4471
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261404
|
- |
|
david_alkire
|
drag_\&_drop_gallery
|
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an…
|
NVD-CWE-Other
|
CVE-2012-4472
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261405
|
- |
|
david_alkire
|
drag_\&_drop_gallery
|
Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2012-4472
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261406
|
- |
|
christian_johansson
|
restrict_node_page_view
|
The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "view any node page" or "view any node {type} page" permission to access unpublished no…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4473
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261407
|
- |
|
colorbox_node
|
dennis_blake
|
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4474
|
2013-01-30 13:54 |
2012-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261408
|
- |
|
sixapart
|
movable_type
|
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct e…
|
CWE-287
Improper Authentication
|
CVE-2013-0209
|
2013-01-29 14:00 |
2013-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261409
|
- |
|
ge
|
intelligent_platforms_proficy_hmi\/scada_cimplicity
intelligent_platforms_proficy_process_systems_with_cimplicity
intelligent_platforms_proficy_process_systems
|
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPL…
|
CWE-22
Path Traversal
|
CVE-2013-0653
|
2013-01-29 14:00 |
2013-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261410
|
- |
|
ge
|
intelligent_platforms_proficy_hmi\/scada_cimplicity
intelligent_platforms_proficy_process_systems_with_cimplicity
intelligent_platforms_proficy_process_systems
|
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a…
|
CWE-20
Improper Input Validation
|
CVE-2013-0654
|
2013-01-29 14:00 |
2013-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
