UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to checkout of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that in order to execute arbitrary sql injection malicious users must have the ability to administer multisite search.
821d0c201eeac6fac0f5db639e8b855cdeb11ae6a13a35cc6a819fb54a37c7ceThe Drupal Data module 6.x-1.x versions prior to 6.x-1.0 suffer from a cross site scripting vulnerability.
70f531879deaaf37ddbaa94bb6cc139601124e7c2ba8a519650348b97938972dDrupal version 6.22 with Finder version 6.x-1.9 suffers from code execution and cross site scripting vulnerabilities.
bc5bc7291e47cd928211933f2d494e8136c2644c4d6690eaa62b5d3f085f4987Drupal version 6.22 with SuperCron version 6.x-1.3 suffers from a cross site scripting vulnerability.
8a89f2d6aafb86f8a2a868799cba22ec0847d46793c38a7e65f20270b976c80eDrupal version 6.20 with String Overrides version 6.x-1.8 and Drupal version 5.21 with String Overrides version 5.x-1.8 suffer from a cross site scripting vulnerability.
4886ee54f2d7167744489a6e50bdf6359d0772cfb3bb6eedc3e6b62a29164bf5AeroMail version 2.80 suffers from cross site request forgery and cross site scripting vulnerabilities.
7d8348ae426db7749bce33b433bb0507a0f5501f057b7a688857e2ebaf601f48Drupal version 6.20 with Webform 6.x-2.10, Drupal version 7.0 with Webform 7.x-3.9, and Drupal with Webform 5.x-2.10 suffer from a cross site scripting vulnerability.
86969780e0c29c50c061717a7410ebf22550a712b72b091795725d2c804bfc1dThe Cisco Linksys Wireless G Broadband Router WRT54G with firmware version 4.21.1 suffers from a cross site scripting vulnerability.
33023e6063d14ffdaada37d384498349e1d019e88d22a6bd58eef458b22376b7Drupal version 6.20 with Data version 6.x-1.0-alpha14 suffers from cross site scripting and remote SQL injection vulnerabilities.
46eef7ea59d38b661e543d3aaba60f8b3839c80236b4b0afc2de402f2b8e5e30The Drupal Panels module suffers from a cross site scripting vulnerability.
aa5cfc88566f07e1009870ca9ea3e273c1b7bbcae3e506c69c86ba57bfc6bf5bThe Drupal Custom Pagers module suffers from a cross site scripting vulnerability.
cab16e3ac4743cefc8da1868c35b89ad4f17bc21940d4376a82f748a39ce0426Drupal 6.19 with Embedded Media Field 6.x-1.25 and CCK 6.x-2.8 suffers from a remote shell upload vulnerability.
e48961e06a533cdacb83ae8fbdad0975b4725257cfb9d09b3c3f24ddff09fb8aDrupal 6.19 with Embedded Media Field 6.x-1.25 and CCK 6.x-2.8 suffers from a cross site scripting vulnerability.
3e4fc930adc768a98c38cadb8899485067256c5adccd77f043a3393b44404281Drupal 6.19 with Embedded Media Field 6.x-1.25 and CCK 6.x-2.8 suffers from a cross site scripting vulnerability.
942aa53253a2fea2261b05afd7ad82385ca049ed6118c536ad6802209f62795ce107 version 0.7.22 suffers from cross site request forgery and cross site scripting vulnerabilities.
18d87a1b6633c7641658c0f1c3580accf0a28d401bcf0ac63de69bd33dc3896fDrupal version 6.16 with OG Menu version 6.x-2.0 suffers from a cross site scripting vulnerability.
90ba50652c68e07d46bed384d999ee9ffe0b6ebe74a4d3578bb1841d6fd8f9faNuralStorm Webmail version 0.985b suffers from cross site scripting, disclosure and shell upload vulnerabilities.
87b1b77abb1761e2c38189b3ae0aea0e15431e70b50b65cbf6474919342c5afcDrupal FileField version 6.x-3.3 suffers from an arbitrary script injection vulnerability.
195ac8bf25a0d707e3dc03d63a39790bd60056ef575e948ce4d41f1c34ef8240Drupal version 6.16 with Ctools version 6.x-1.3 suffers from php code execution and cross site request forgery vulnerabilities.
02708ebc4a7031d1ab08b6893f5465c38bd939d369d6a4680693dddb7adbde18Drupal version 6.16 with Context 6.x-2.0-rc3 suffers from a cross site scripting vulnerability.
60da3e51c76210519e7e81f11c5f70fbb360bdfc9c1cc11b08f832b7508a79c7Task Freak version 0.6.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c2e4cad3acc7ebac98343078acf155f038484525fd60cc340c10109c9c504e8fDrupal version 6.16 with Better Formats version 6.x-1.2 suffers from a cross site scripting vulnerability.
1583fef88d5e7e8ecd74daf3c557126159e3862b4dccc8a9f398f8ce70f7be62Drupal 6.15 with Twitter module version 6.x-2.6 suffers from a clear text credential storage vulnerability.
f184fe692d1293ed78a1fa021abafba9d09c38eb50ed2aebbfb5e19fb19a59bddotProject version 2.1.3 suffers from a cross site scripting vulnerability.
6a41f1c88b87339033dbbb43f92739c1f8be8e37050efa0cdbb345277320d5ebMagento Community Edition version 1.3.2.43 suffers from cross site scripting vulnerabilities.
dbd525978d8ace31114ca6b8b08a0aa779f3c2209c1480624da0447ea6beeb0f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed