Vulnerabilities > David Alkire
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-03-27 | CVE-2013-0257 | Permissions, Privileges, and Access Controls vulnerability in David Alkire Email2Image 6.X1.X/6.X2.X. The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields. | 5.0 |
2012-11-30 | CVE-2012-4479 | SQL Injection vulnerability in David Alkire Drag & Drop Gallery 6.X1.5. SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-11-30 | CVE-2012-4478 | Cross-Site Request Forgery (CSRF) vulnerability in David Alkire Drag & Drop Gallery 6.X1.5. Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. | 6.8 |
2012-11-30 | CVE-2012-4477 | Permissions, Privileges, and Access Controls vulnerability in David Alkire Drag & Drop Gallery 6.X1.5. Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. | 5.0 |
2012-11-30 | CVE-2012-4476 | Cross-Site Scripting vulnerability in David Alkire Drag & Drop Gallery 6.X1.5. Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-11-30 | CVE-2012-4472 | Unspecified vulnerability in David Alkire Drag & Drop Gallery 6.X1.5. Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter. | 5.1 |