Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 6.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2011-2726
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent no...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 14
Fedoraproject Fedora 15
Fedoraproject Fedora 16
6.1
CVSSv3
CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
Drupal Drupal 7.1
Drupal Drupal 7.2
Drupal Drupal 7.3
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.33
Drupal Drupal 7.34
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 6.23
Drupal Drupal 6.24
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 7.5
Drupal Drupal 7.7
6.1
CVSSv3
CVE-2015-2749
Open redirect vulnerability in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Drupal Drupal 7.9
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.25
Drupal Drupal 7.27
Drupal Drupal 7.28
Drupal Drupal 7.29
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.16
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.32
Drupal Drupal 6.33
Drupal Drupal 6.34
Drupal Drupal 7.6
Drupal Drupal 7.8
Drupal Drupal 7.13
8.1
CVSSv3
CVE-2016-5385
PHP up to and including 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirec...
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager Ops Center 12.3.2
Oracle Communications User Data Repository 10.0.1
Oracle Linux 6
Oracle Linux 7
Oracle Communications User Data Repository 12.0.0
Oracle Communications User Data Repository 10.0.0
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Hp Storeever Msl6480 Tape Library Firmware
Hp System Management Homepage
Php Php
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Debian Debian Linux 8.0
Opensuse Leap 42.1
Drupal Drupal
1 Github repository
1 Article
7.4
CVSSv3
CVE-2016-3164
Drupal 6.x prior to 6.38, 7.x prior to 7.43, and 8.x prior to 8.0.4 might allow remote malicious users to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
Drupal Drupal 8.0.3
Drupal Drupal 8.0.2
Drupal Drupal 8.0.1
Drupal Drupal 8.0.0
Drupal Drupal 7.32
Drupal Drupal 7.x-dev
Drupal Drupal 7.5
Drupal Drupal 7.38
Drupal Drupal 7.3
Drupal Drupal 7.28
Drupal Drupal 7.21
Drupal Drupal 7.2
Drupal Drupal 7.15
Drupal Drupal 7.13
Drupal Drupal 7.0
Drupal Drupal 6.8
Drupal Drupal 6.6
Drupal Drupal 6.32
Drupal Drupal 6.30
Drupal Drupal 6.24
Drupal Drupal 6.22
Drupal Drupal 6.18
7.5
CVSSv3
CVE-2016-3165
The Form API in Drupal 6.x prior to 6.38 ignores access restrictions on submit buttons, which might allow remote malicious users to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-...
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.27
Drupal Drupal 6.26
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.11
Drupal Drupal 6.4
Drupal Drupal 6.7
Drupal Drupal 6.5
Drupal Drupal 6.33
Drupal Drupal 6.31
Drupal Drupal 6.3
Drupal Drupal 6.25
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.15
Drupal Drupal 6.10
Drupal Drupal 6.0
5.9
CVSSv3
CVE-2016-3166
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.1.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submit...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 6.31
Drupal Drupal 6.30
Drupal Drupal 6.3
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.16
Drupal Drupal 6.15
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.4
Drupal Drupal 6.36
Drupal Drupal 6.23
Drupal Drupal 6.22
Drupal Drupal 6.21
Drupal Drupal 6.20
Drupal Drupal 6.9
Drupal Drupal 6.7
6.4
CVSSv3
CVE-2016-3168
The System module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might allow remote malicious users to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerabili...
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.38
Drupal Drupal 7.37
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.20
Drupal Drupal 7.0
Drupal Drupal 6.9
Drupal Drupal 6.8
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.26
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.10
Drupal Drupal 6.1
Drupal Drupal 6.0
7.5
CVSSv3
CVE-2016-3163
The XML-RPC system in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might make it easier for remote malicious users to conduct brute-force attacks via a large number of calls made at once to the same method.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.7
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.0
Drupal Drupal 6.37
Drupal Drupal 6.8
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.26
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.10
Drupal Drupal 6.1
7.4
CVSSv3
CVE-2016-3167
Open redirect vulnerability in the drupal_goto function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.4.7, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" para...
Drupal Drupal 6.36
Drupal Drupal 6.35
Drupal Drupal 6.34
Drupal Drupal 6.33
Drupal Drupal 6.20
Drupal Drupal 6.2
Drupal Drupal 6.19
Drupal Drupal 6.18
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.4
Drupal Drupal 6.32
Drupal Drupal 6.30
Drupal Drupal 6.29
Drupal Drupal 6.24
Drupal Drupal 6.22
Drupal Drupal 6.16
Drupal Drupal 6.14
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.8
Drupal Drupal 6.28
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »