Filtered by vendor Drupal Subscriptions
Filtered by product Drupal Subscriptions
Total 709 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-6532 1 Drupal 1 Drupal 2024-11-21 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.
CVE-2008-6413 2 Drupal, Ticklespace 2 Drupal, Answers Module 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question.
CVE-2008-6383 1 Drupal 2 Drupal, Storm 2024-11-21 N/A
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6171 1 Drupal 1 Drupal 2024-11-21 N/A
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
CVE-2008-6170 1 Drupal 1 Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.
CVE-2008-6137 1 Drupal 2 Drupal, Everyblog 2024-11-21 N/A
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors.
CVE-2008-6135 1 Drupal 2 Drupal, Everyblog 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6134 1 Drupal 2 Drupal, Everyblog 2024-11-21 N/A
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-6020 1 Drupal 2 Drupal, Views 2024-11-21 N/A
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."
CVE-2008-5999 1 Drupal 2 Ajax Checklist, Drupal 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.
CVE-2008-5998 1 Drupal 2 Ajax Checklist, Drupal 2024-11-21 N/A
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.
CVE-2008-5996 2 Drupal, Link3 2 Drupal, Simplenews 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.
CVE-2008-4793 1 Drupal 1 Drupal 2024-11-21 N/A
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
CVE-2008-4792 1 Drupal 1 Drupal 2024-11-21 N/A
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
CVE-2008-4791 1 Drupal 1 Drupal 2024-11-21 N/A
The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors.
CVE-2008-4790 1 Drupal 1 Drupal 2024-11-21 N/A
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
CVE-2008-4789 1 Drupal 1 Drupal 2024-11-21 N/A
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
CVE-2008-4710 1 Drupal 2 Drupal, Stock Module 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4633 1 Drupal 2 Drupal, Node Clone 2024-11-21 N/A
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."
CVE-2008-3745 1 Drupal 2 Drupal, Upload Module 2024-11-21 N/A
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.