Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-10-07 | CVE-2010-5276 | Permissions, Privileges, and Access Controls vulnerability in Memcache Project Memcache | The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." | 4.3 |
2012-10-07 | CVE-2010-5275 | Cross-Site Scripting vulnerability in Memcache Project Memcache | Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-10-06 | CVE-2012-1634 | Cross-Site Scripting vulnerability in Hans Nilsson Video Filter | Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links. | 4.3 |
2012-10-06 | CVE-2012-1623 | Permissions, Privileges, and Access Controls vulnerability in Aidanlister Regcode | The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. | 5.0 |
2012-10-01 | CVE-2012-1636 | Cross-Site Request Forgery (CSRF) vulnerability in Luke Herrington Stickynote 7.X1.0/7.X1.X | Cross-site request forgery (CSRF) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of users for requests that delete stickynotes via unspecified vectors. | 4.3 |
2012-10-01 | CVE-2012-2153 | Permissions, Privileges, and Access Controls vulnerability in Drupal | Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page. | 4.0 |
2012-10-01 | CVE-2012-1591 | Permissions, Privileges, and Access Controls vulnerability in Drupal | The image module in Drupal 7.x before 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote attackers to read private image styles. | 5.0 |
2012-10-01 | CVE-2012-1590 | Permissions, Privileges, and Access Controls vulnerability in Drupal | The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page. | 4.0 |
2012-09-25 | CVE-2012-1646 | Cross-Site Scripting vulnerability in Drupal FAQ | Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module. | 4.3 |
2012-09-20 | CVE-2012-5007 | Permissions, Privileges, and Access Controls vulnerability in Wizonesolutions Fillpdf | The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to write to arbitrary PDF files via unspecified vectors related to the fillpdf_merge_pdf function and incorrect arguments, a different vulnerability than CVE-2012-1625. | 5.0 |