Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-10-07 | CVE-2010-5277 | Unspecified vulnerability in Karim Ratib Views Bulk Operations Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors. | 4.9 |
| 2012-10-07 | CVE-2010-5276 | Permissions, Privileges, and Access Controls vulnerability in Memcache Project Memcache The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." | 4.3 |
| 2012-10-07 | CVE-2010-5275 | Cross-Site Scripting vulnerability in Memcache Project Memcache Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2012-10-06 | CVE-2012-5305 | Cross-Site Scripting vulnerability in Directadmin 1.403 Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter. | 4.3 |
| 2012-10-06 | CVE-2012-5304 | Code Injection vulnerability in Yuriy V Semenikhin YVS Image Gallery Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. | 7.5 |
| 2012-10-06 | CVE-2012-1634 | Cross-Site Scripting vulnerability in Hans Nilsson Video Filter Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links. | 4.3 |
| 2012-10-06 | CVE-2012-1624 | Cross-Site Scripting vulnerability in Lingotek Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content. | 3.5 |
| 2012-10-06 | CVE-2012-1623 | Permissions, Privileges, and Access Controls vulnerability in Aidanlister Regcode The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. | 5.0 |
| 2012-10-06 | CVE-2012-1565 | Security vulnerability in eZ Publish Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference. | 7.5 |
| 2012-10-06 | CVE-2012-1564 | Cross-Site Scripting vulnerability in Yuriy V Semenikhin YVS Image Gallery Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |