drupal drupal 6.20 vulnerabilities and exploits
9.8
CVSSv3
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
6.1
CVSSv3
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
NA
CVE-2012-5652
Drupal 6.x prior to 6.27 allows remote malicious users to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result.
Drupal Drupal 6.6
Drupal Drupal 6.25
Drupal Drupal 6.11
Drupal Drupal 6.13
Drupal Drupal 6.20
Drupal Drupal 6.19
Drupal Drupal 6.4
Drupal Drupal 6.12
Drupal Drupal 6.16
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 6.26
Drupal Drupal 6.5
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.18
Drupal Drupal 6.8
Drupal Drupal 6.7
Drupal Drupal 6.1
Drupal Drupal 6.22
Drupal Drupal 6.21
Drupal Drupal 6.15
NA
CVE-2012-0825
Drupal 6.x prior to 6.23 and 7.x prior to 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote malicious users to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Drupal Drupal 7.9
Drupal Drupal 7.8
Drupal Drupal 7.7
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.16
Drupal Drupal 6.17
Drupal Drupal 7.4
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.13
Drupal Drupal 6.2
Drupal Drupal 6.20
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 6.10
Drupal Drupal 6.11
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 7.x-dev
Drupal Drupal 7.10
NA
CVE-2012-0826
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x prior to 6.23 and 7.x prior to 7.11 allows remote malicious users to hijack the authentication of unspecified victims for requests that update feeds and possibly cause a denial of service (loss...
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 6.0
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.2
Drupal Drupal 6.20
Drupal Drupal 6.3
Drupal Drupal 6.16
Drupal Drupal 6.17
Drupal Drupal 6.8
Drupal Drupal 6.9
Drupal Drupal 6.13
Drupal Drupal 6.14
Drupal Drupal 6.15
Drupal Drupal 6.21
Drupal Drupal 6.22
Drupal Drupal 6.4
Drupal Drupal 6.5
Drupal Drupal 6.1
Drupal Drupal 6.10
Drupal Drupal 6.18
7.5
CVSSv3
CVE-2016-3165
The Form API in Drupal 6.x prior to 6.38 ignores access restrictions on submit buttons, which might allow remote malicious users to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-...
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.27
Drupal Drupal 6.26
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.11
Drupal Drupal 6.4
Drupal Drupal 6.7
Drupal Drupal 6.5
Drupal Drupal 6.33
Drupal Drupal 6.31
Drupal Drupal 6.3
Drupal Drupal 6.25
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.15
Drupal Drupal 6.10
Drupal Drupal 6.0
NA
CVE-2014-1475
The OpenID module in Drupal 6.x prior to 6.30 and 7.x prior to 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.13
Drupal Drupal 7.14
Drupal Drupal 7.21
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 6.0
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.19
5.9
CVSSv3
CVE-2016-3166
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.1.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submit...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 6.31
Drupal Drupal 6.30
Drupal Drupal 6.3
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.16
Drupal Drupal 6.15
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.4
Drupal Drupal 6.36
Drupal Drupal 6.23
Drupal Drupal 6.22
Drupal Drupal 6.21
Drupal Drupal 6.20
Drupal Drupal 6.9
Drupal Drupal 6.7
7.4
CVSSv3
CVE-2016-3167
Open redirect vulnerability in the drupal_goto function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.4.7, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" para...
Drupal Drupal 6.36
Drupal Drupal 6.35
Drupal Drupal 6.34
Drupal Drupal 6.33
Drupal Drupal 6.20
Drupal Drupal 6.2
Drupal Drupal 6.19
Drupal Drupal 6.18
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.4
Drupal Drupal 6.32
Drupal Drupal 6.30
Drupal Drupal 6.29
Drupal Drupal 6.24
Drupal Drupal 6.22
Drupal Drupal 6.16
Drupal Drupal 6.14
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.8
Drupal Drupal 6.28
8.1
CVSSv3
CVE-2016-3171
Drupal 6.x prior to 6.38, when used with PHP prior to 5.4.45, 5.5.x prior to 5.5.29, or 5.6.x prior to 5.6.13, might allow remote malicious users to execute arbitrary code via vectors related to session data truncation.
Drupal Drupal 6.37
Drupal Drupal 6.8
Drupal Drupal 6.36
Drupal Drupal 6.34
Drupal Drupal 6.28
Drupal Drupal 6.26
Drupal Drupal 6.2
Drupal Drupal 6.18
Drupal Drupal 6.13
Drupal Drupal 6.11
Drupal Drupal 6.0
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.4
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.22
Drupal Drupal 6.21
Drupal Drupal 6.1
Drupal Drupal 6.32