MidnightBSD

Advisories for bryce_hamrick

CVE-2012-2727 MEDIUM

Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
bryce_hamrick janrain_capture 6.x-1.0
bryce_hamrick janrain_capture 7.x-1.0
CVE-2012-3798 MEDIUM

The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
bryce_hamrick janrain_capture 6.x-1.0
bryce_hamrick janrain_capture 7.x-1.0