Filtered by vendor Drupal
Subscribe
Total
823 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6910 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2017-08-16 | 7.5 HIGH | N/A |
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. | |||||
CVE-2008-6169 | 1 Drupal | 2 Localization Client, Localization Server | 2017-08-16 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface." | |||||
CVE-2008-6383 | 1 Drupal | 2 Drupal, Storm | 2017-08-16 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-6229 | 1 Drupal | 1 Content Construction Kit | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names. | |||||
CVE-2008-6532 | 1 Drupal | 1 Drupal | 2017-08-16 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | |||||
CVE-2008-6160 | 1 Drupal | 1 Semantically Interconnected Online Communities | 2017-08-16 | 5.0 MEDIUM | N/A |
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. | |||||
CVE-2008-6137 | 1 Drupal | 2 Drupal, Everyblog | 2017-08-16 | 7.5 HIGH | N/A |
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | |||||
CVE-2008-6533 | 1 Drupal | 1 Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
CVE-2008-6413 | 2 Drupal, Ticklespace | 2 Drupal, Answers Module | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question. | |||||
CVE-2008-6908 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2017-08-16 | 7.5 HIGH | N/A |
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges. | |||||
CVE-2008-6136 | 1 Drupal | 1 Everyblog | 2017-08-16 | 7.5 HIGH | N/A |
Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. | |||||
CVE-2008-6135 | 1 Drupal | 2 Drupal, Everyblog | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-6384 | 1 Drupal | 1 Comment Mail | 2017-08-16 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. | |||||
CVE-2008-6276 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2017-08-16 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. | |||||
CVE-2009-0603 | 1 Drupal | 2 Drupal, Link Module | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-0575 | 1 Drupal | 1 Views Bulk Operations | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6134 | 1 Drupal | 2 Drupal, Everyblog | 2017-08-16 | 7.5 HIGH | N/A |
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-6171 | 1 Drupal | 1 Drupal | 2017-08-16 | 9.3 HIGH | N/A |
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
CVE-2008-7151 | 2 Drupal, Gurpartap Singh | 2 Drupal, Live | 2017-08-16 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code. | |||||
CVE-2008-6170 | 1 Drupal | 1 Drupal | 2017-08-16 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title. |