Search Results (946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2727 2 Bryce Hamrick, Drupal 2 Janrain Capture, Drupal 2025-04-11 N/A
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2012-2728 2 Drupal, Ronan Dowling 2 Drupal, Node Hierarchy 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action.
CVE-2012-2729 2 Adcillc, Drupal 2 Simplemeta, Drupal 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry.
CVE-2012-2730 2 Alexis Wilke, Drupal 2 Protected Node, Drupal 2025-04-11 N/A
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
CVE-2012-2731 2 Drupal, Richardo Ante 2 Drupal, Ubercart Ajax Cart 2025-04-11 N/A
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
CVE-2012-2907 2 Drupal, Ishmael Sanchez 2 Drupal, Aberdeen 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.
CVE-2012-2922 1 Drupal 1 Drupal 2025-04-11 N/A
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
CVE-2012-3798 2 Bryce Hamrick, Drupal 2 Janrain Capture, Drupal 2025-04-11 N/A
The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.
CVE-2012-3799 2 Blaine Lang, Drupal 2 Maestro, Drupal 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences.
CVE-2012-3800 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.
CVE-2012-3802 2 Drupal, Peter Pokrivcak 2 Drupal, Post Affiliate Pro 2025-04-11 N/A
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors.
CVE-2012-4468 2 Drupal, Privatemsg Project 2 Drupal, Privatemsg 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a user name in a private message.
CVE-2012-4469 2 Drupal, Simon Rycroft 2 Drupal, Hashcash 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module.
CVE-2012-4470 2 Drupal, Philip Ludlam 2 Drupal, Listhandler 2025-04-11 N/A
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact.
CVE-2012-1589 1 Drupal 1 Drupal 2025-04-11 N/A
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
CVE-2012-1588 1 Drupal 1 Drupal 2025-04-11 N/A
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.
CVE-2012-1060 2 Drupal, Rik De Boer 2 Drupal, Revisioning 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters.
CVE-2012-1057 2 Drupal, Sean Robertson 2 Drupal, Forward 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control."
CVE-2012-1056 2 Drupal, Sean Robertson 2 Drupal, Forward 2025-04-11 N/A
The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors.
CVE-2012-0914 2 Drupal, Earl Miles 2 Drupal, Panels 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.