Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 6.20 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
7.5
CVSSv2
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
5.8
CVSSv2
CVE-2015-2749
Open redirect vulnerability in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Drupal Drupal 7.9
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.25
Drupal Drupal 7.27
Drupal Drupal 7.28
Drupal Drupal 7.29
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.16
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.32
Drupal Drupal 6.33
Drupal Drupal 6.34
Drupal Drupal 7.6
Drupal Drupal 7.8
Drupal Drupal 7.13
5.8
CVSSv2
CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
Drupal Drupal 7.1
Drupal Drupal 7.2
Drupal Drupal 7.3
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.33
Drupal Drupal 7.34
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 6.23
Drupal Drupal 6.24
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 7.5
Drupal Drupal 7.7
5
CVSSv2
CVE-2016-3163
The XML-RPC system in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might make it easier for remote malicious users to conduct brute-force attacks via a large number of calls made at once to the same method.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.7
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.0
Drupal Drupal 6.37
Drupal Drupal 6.8
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.26
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.10
Drupal Drupal 6.1
5.8
CVSSv2
CVE-2016-3164
Drupal 6.x prior to 6.38, 7.x prior to 7.43, and 8.x prior to 8.0.4 might allow remote malicious users to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
Drupal Drupal 8.0.3
Drupal Drupal 8.0.2
Drupal Drupal 8.0.1
Drupal Drupal 8.0.0
Drupal Drupal 7.32
Drupal Drupal 7.x-dev
Drupal Drupal 7.5
Drupal Drupal 7.38
Drupal Drupal 7.3
Drupal Drupal 7.28
Drupal Drupal 7.21
Drupal Drupal 7.2
Drupal Drupal 7.15
Drupal Drupal 7.13
Drupal Drupal 7.0
Drupal Drupal 6.8
Drupal Drupal 6.6
Drupal Drupal 6.32
Drupal Drupal 6.30
Drupal Drupal 6.24
Drupal Drupal 6.22
Drupal Drupal 6.18
4.3
CVSSv2
CVE-2016-3166
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.1.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submit...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 6.31
Drupal Drupal 6.30
Drupal Drupal 6.3
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.16
Drupal Drupal 6.15
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.4
Drupal Drupal 6.36
Drupal Drupal 6.23
Drupal Drupal 6.22
Drupal Drupal 6.21
Drupal Drupal 6.20
Drupal Drupal 6.9
Drupal Drupal 6.7
6.4
CVSSv2
CVE-2016-3167
Open redirect vulnerability in the drupal_goto function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.4.7, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" para...
Drupal Drupal 6.36
Drupal Drupal 6.35
Drupal Drupal 6.34
Drupal Drupal 6.33
Drupal Drupal 6.20
Drupal Drupal 6.2
Drupal Drupal 6.19
Drupal Drupal 6.18
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.4
Drupal Drupal 6.32
Drupal Drupal 6.30
Drupal Drupal 6.29
Drupal Drupal 6.24
Drupal Drupal 6.22
Drupal Drupal 6.16
Drupal Drupal 6.14
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.8
Drupal Drupal 6.28
8.5
CVSSv2
CVE-2016-3168
The System module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might allow remote malicious users to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerabili...
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.38
Drupal Drupal 7.37
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.20
Drupal Drupal 7.0
Drupal Drupal 6.9
Drupal Drupal 6.8
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.26
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.10
Drupal Drupal 6.1
Drupal Drupal 6.0
6.8
CVSSv2
CVE-2016-3169
The User module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 allows remote malicious users to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.32
Drupal Drupal 7.x-dev
Drupal Drupal 7.9
Drupal Drupal 7.8
Drupal Drupal 7.7
Drupal Drupal 7.28
Drupal Drupal 7.27
Drupal Drupal 7.26
Drupal Drupal 7.25
Drupal Drupal 7.12
Drupal Drupal 7.11
Drupal Drupal 7.10
Drupal Drupal 7.1
Drupal Drupal 7.0
Drupal Drupal 6.37
Drupal Drupal 6.30
Drupal Drupal 6.3
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.15
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »