Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
709 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-6532 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | ||||
CVE-2008-6413 | 2 Drupal, Ticklespace | 2 Drupal, Answers Module | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question. | ||||
CVE-2008-6383 | 1 Drupal | 2 Drupal, Storm | 2024-11-21 | N/A |
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2008-6171 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | ||||
CVE-2008-6170 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title. | ||||
CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2024-11-21 | N/A |
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | ||||
CVE-2008-6135 | 1 Drupal | 2 Drupal, Everyblog | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-6134 | 1 Drupal | 2 Drupal, Everyblog | 2024-11-21 | N/A |
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2008-6020 | 1 Drupal | 2 Drupal, Views | 2024-11-21 | N/A |
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." | ||||
CVE-2008-5999 | 1 Drupal | 2 Ajax Checklist, Drupal | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter. | ||||
CVE-2008-5998 | 1 Drupal | 2 Ajax Checklist, Drupal | 2024-11-21 | N/A |
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. | ||||
CVE-2008-5996 | 2 Drupal, Link3 | 2 Drupal, Simplenews | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. | ||||
CVE-2008-4793 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | ||||
CVE-2008-4792 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. | ||||
CVE-2008-4791 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. | ||||
CVE-2008-4790 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. | ||||
CVE-2008-4789 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." | ||||
CVE-2008-4710 | 1 Drupal | 2 Drupal, Stock Module | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-4633 | 1 Drupal | 2 Drupal, Node Clone | 2024-11-21 | N/A |
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." | ||||
CVE-2008-3745 | 1 Drupal | 2 Drupal, Upload Module | 2024-11-21 | N/A |
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. |