Filtered by vendor Drupal
Subscribe
Total
833 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0506 | 1 Drupal | 2 Project, Project Issue Tracking Module | 2023-12-10 | 6.0 MEDIUM | N/A |
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests. | |||||
CVE-2008-0571 | 1 Drupal | 1 Userpoints Module | 2023-12-10 | 4.3 MEDIUM | N/A |
The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points. | |||||
CVE-2006-5608 | 1 Drupal | 1 Extended Tracker | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs." | |||||
CVE-2007-4363 | 1 Drupal | 1 Content Construction Kit | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | |||||
CVE-2005-3973 | 1 Drupal | 1 Drupal | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist. | |||||
CVE-2005-2106 | 1 Drupal | 1 Drupal | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | |||||
CVE-2005-3974 | 1 Drupal | 1 Drupal | 2023-12-10 | 6.4 MEDIUM | N/A |
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission. | |||||
CVE-2006-4356 | 1 Drupal | 1 Drupal Easylinks Module | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2006-3570 | 1 Drupal | 1 Drupal | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-2260 | 1 Drupal | 1 Drupal | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
CVE-2006-4108 | 1 Drupal | 1 Bibliography Module | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2006-4109 | 1 Drupal | 1 Bibliography Module | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-1227 | 1 Drupal | 1 Drupal | 2023-12-10 | 4.6 MEDIUM | N/A |
Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages. | |||||
CVE-2006-4107 | 1 Drupal | 1 Job Search | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search. | |||||
CVE-2006-2832 | 1 Drupal | 1 Drupal | 2023-12-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. | |||||
CVE-2006-2831 | 1 Drupal | 1 Drupal | 2023-12-10 | 7.5 HIGH | N/A |
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | |||||
CVE-2006-4355 | 1 Drupal | 1 Drupal Easylinks Module | 2023-12-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-1228 | 1 Drupal | 1 Drupal | 2023-12-10 | 5.1 MEDIUM | N/A |
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | |||||
CVE-2006-2742 | 1 Drupal | 1 Drupal | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. | |||||
CVE-2006-4717 | 1 Drupal | 1 Drupal Pubcookie Module | 2023-12-10 | 7.5 HIGH | N/A |
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. |