Vulnerabilities > Drupal > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-09-20 | CVE-2012-1631 | Cross-Site Request Forgery (CSRF) vulnerability in Databasepublish Admin:Hover | Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors. | 6.8 |
2012-09-20 | CVE-2012-1626 | SQL Injection vulnerability in Karen Stevenson Date | SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
2012-09-20 | CVE-2012-1625 | Code Injection vulnerability in Wizonesolutions Fillpdf | Eval injection vulnerability in the fillpdf_form_export_decode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors. | 6.0 |
2012-09-20 | CVE-2012-1633 | Cross-Site Request Forgery (CSRF) vulnerability in Erikwebb Password Policy | Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user. | 6.8 |
2012-09-19 | CVE-2012-1638 | SQL Injection vulnerability in Dominique Clause Search Autocomplete | SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
2012-09-18 | CVE-2012-1656 | SQL Injection vulnerability in Wesjones Multisite Search 6.X2.2 | SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field. | 6.8 |
2012-09-18 | CVE-2012-1655 | Information Disclosure vulnerability in Sven Decabooter UC Paydutchgroup / Wedeal Payment 6.X1.0 | Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors. | 4.0 |
2012-09-17 | CVE-2012-2062 | Input Validation vulnerability in Multiple Drupal Modules | Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.4 |
2012-09-17 | CVE-2012-2061 | Cross-Site Request Forgery (CSRF) vulnerability in Nijskens RAF Admintools | Cross-site request forgery (CSRF) vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens." | 6.8 |
2012-09-17 | CVE-2012-2060 | Cross-Site Scripting vulnerability in Nijskens RAF Admintools | Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |