| Max CVSS | 6.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-5651 | 5.0 |
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.
|
29-08-2017 - 01:32 | 03-01-2013 - 01:55 | |
| CVE-2012-5652 | 5.0 |
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
|
29-08-2017 - 01:32 | 03-01-2013 - 01:55 | |
| CVE-2012-5653 | 6.0 |
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
|
29-08-2017 - 01:32 | 03-01-2013 - 01:55 | |
| CVE-2012-5655 | 5.0 |
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request.
|
07-01-2013 - 05:00 | 03-01-2013 - 01:55 | |
| CVE-2012-5654 | 4.3 |
The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when configured to automatically generate description meta tags from node text, does not properly filter node content when creating tags, which might allow remote attackers to obtain sens
|
03-01-2013 - 05:00 | 03-01-2013 - 01:55 |