Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal project 5.0 vulnerabilities and exploits
(subscribe to this query)
8.5
CVSSv2
CVE-2007-0505
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 up to and including 5.x prior to 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.
Drupal Project 4.7 1.1
Drupal Project 4.7 2.1
Drupal Project 4.6 1.1
Drupal Project 4.7
Drupal Project Issue Tracking Module 5.0
Drupal Project 5.0
Drupal Project Issue Tracking Module 4.7
Drupal Project 4.6
Drupal Project Issue Tracking Module 4.7 1.1
Drupal Project Issue Tracking Module 4.7 2.1
6
CVSSv2
CVE-2007-0506
The project_issue_access function in the Project issue tracking 4.7.0 up to and including 5.x prior to 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue informat...
Drupal Project 4.6
Drupal Project 4.6 1.1
Drupal Project 4.7
Drupal Project Issue Tracking Module 5.0
Drupal Project Issue Tracking Module 4.7 1.1
Drupal Project Issue Tracking Module 4.7 2.1
Drupal Project 4.7 1.1
Drupal Project 4.7 2.1
Drupal Project 5.0
Drupal Project Issue Tracking Module 4.7
6.4
CVSSv2
CVE-2008-0577
The Project Issue Tracking module 5.x-2.x-dev prior to 20080130 in the 5.x-2.x series, 5.x-1.2 and previous versions in the 5.x-1.x series, 4.7.x-2.6 and previous versions in the 4.7.x-2.x series, and 4.7.x-1.6 and previous versions in the 4.7.x-1.x series for Drupal (1) does not...
Drupal Project Issue Tracking Module 4.7
Drupal Project Issue Tracking Module 5.0
4.3
CVSSv2
CVE-2009-1576
Unspecified vulnerability in Drupal 5.x prior to 5.17 and 6.x prior to 6.11, as used in vbDrupal prior to 5.17.0, allows user-assisted remote malicious users to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causin...
Drupal Drupal 5.0
Drupal Drupal 5.16
Drupal Drupal 6.0
Drupal Drupal 6.8
Drupal Drupal 6.10
Drupal Drupal 6.9
Drupal Drupal 5.11
Drupal Drupal 6.6
Drupal Drupal 6.2
Drupal Drupal 5.12
Drupal Drupal 5.10
Drupal Drupal 5.13
Drupal Drupal 6.1
Drupal Drupal 6.3
Drupal Drupal 6.7
Drupal Drupal 5.1 Rev1.1
Drupal Drupal 5.1
Drupal Drupal 5.15
Drupal Drupal 5.14
Drupal Drupal 6.5
Drupal Drupal 6.4
4.3
CVSSv2
CVE-2009-1575
Cross-site scripting (XSS) vulnerability in Drupal 5.x prior to 5.17 and 6.x prior to 6.11, as used in vbDrupal prior to 5.17.0, allows remote malicious users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treat...
Drupal Drupal 5.0
Drupal Drupal 5.1
Drupal Drupal 5.4
Drupal Drupal 5.5
Drupal Drupal 5.13
Drupal Drupal 5.14
Drupal Drupal 6.0
Drupal Drupal 6
Drupal Drupal 6.5
Drupal Drupal 5.1 Rev1.1
Drupal Drupal 5.2
Drupal Drupal 5.3
Drupal Drupal 5.9
Drupal Drupal 5.12
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.10
Drupal Drupal 6.4
Drupal Drupal 5.7
Drupal Drupal 5.8
Drupal Drupal 6.6
Drupal Drupal 6.8
4.3
CVSSv2
CVE-2009-2373
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x prior to 6.13 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Drupal 6.3
Drupal Drupal 6.0
Drupal Drupal 5.14
Drupal Drupal 5.16
Drupal Drupal 5.2
Drupal Drupal 5.8
Drupal Drupal 6.8
Drupal Drupal 6.10
Drupal Drupal 6.9
Drupal Drupal 6.12
Drupal Drupal 5.1 Rev1.1
Drupal Drupal 5.13
Drupal Drupal 5.3
Drupal Drupal 5.5.
Drupal Drupal 5.4
Drupal Drupal 5.0
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 6.5
Drupal Drupal 6.4
Drupal Drupal 5.1
Drupal Drupal 5.9
3.5
CVSSv2
CVE-2010-3093
The comment module in Drupal 5.x prior to 5.23 and 6.x prior to 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.
Drupal Drupal 5.4
Drupal Drupal 5.5
Drupal Drupal 5.6
Drupal Drupal 5.7
Drupal Drupal 5.20
Drupal Drupal 5.21
Drupal Drupal 5.22
Drupal Drupal 5.0
Drupal Drupal 5.12
Drupal Drupal 5.13
Drupal Drupal 5.14
Drupal Drupal 5.15
Drupal Drupal 5.1
Drupal Drupal 5.3
Drupal Drupal 5.8
Drupal Drupal 5.10
Drupal Drupal 5.17
Drupal Drupal 5.19
Drupal Drupal 5.2
Drupal Drupal 5.9
Drupal Drupal 5.11
Drupal Drupal 5.16
5.5
CVSSv2
CVE-2010-3092
The upload module in Drupal 5.x prior to 5.23 and 6.x prior to 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different...
Drupal Drupal 5.0
Drupal Drupal 5.10
Drupal Drupal 5.11
Drupal Drupal 5.12
Drupal Drupal 5.13
Drupal Drupal 5.14
Drupal Drupal 5.2
Drupal Drupal 5.3
Drupal Drupal 5.4
Drupal Drupal 5.5
Drupal Drupal 5.19
Drupal Drupal 5.20
Drupal Drupal 5.21
Drupal Drupal 5.22
Drupal Drupal 5.1
Drupal Drupal 5.6
Drupal Drupal 5.8
Drupal Drupal 5.15
Drupal Drupal 5.17
Drupal Drupal 5.7
Drupal Drupal 5.9
Drupal Drupal 5.16
3.5
CVSSv2
CVE-2015-7229
The Twitter module 6.x-5.x prior to 6.x-5.2, 7.x-5.x prior to 7.x-5.9, and 7.x-6.x prior to 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter"...
Twitter Project Twitter 7.x-5.1
Twitter Project Twitter 7.x-5.2
Twitter Project Twitter 7.x-5.3
Twitter Project Twitter 7.x-5.4
Twitter Project Twitter 7.x-6.0
Twitter Project Twitter 6.x-5.x
Twitter Project Twitter 7.x-5.0
Twitter Project Twitter 7.x-5.5
Twitter Project Twitter 7.x-5.7
Twitter Project Twitter 6.x-5.0
Twitter Project Twitter 6.x-5.1
Twitter Project Twitter 7.x-5.6
Twitter Project Twitter 7.x-5.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started