Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 4.5.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2005-1871
Unknown vulnerability in the privilege system in Drupal 4.4.0 up to and including 4.6.0, when public registration is enabled, allows remote malicious users to gain privileges, due to an "input check" that "is not implemented properly."
Drupal Drupal 4.5.1
Drupal Drupal 4.5.2
Drupal Drupal 4.6.0
Drupal Drupal 4.4.2
Drupal Drupal 4.5.0
Drupal Drupal 4.4.0
Drupal Drupal 4.4.1
6.8
CVSSv2
CVE-2007-6752
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and previous versions allows remote malicious users to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by...
Drupal Drupal 4.6.0
Drupal Drupal 4.6
Drupal Drupal 7.0
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 4.6.5
Drupal Drupal 4.5.4
Drupal Drupal 6.0
Drupal Drupal 4.7.2
Drupal Drupal 4.6.10
Drupal Drupal 6.2
Drupal Drupal 5.17
Drupal Drupal 4.6.9
Drupal Drupal 5.13
Drupal Drupal 6.14
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 4.5.0
Drupal Drupal 5.12
Drupal Drupal 6.18
Drupal Drupal 5.2
Drupal Drupal 7.3
1 EDB exploit
6.4
CVSSv2
CVE-2005-3974
Drupal 4.5.0 up to and including 4.5.5 and 4.6.0 up to and including 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote malicious users to bypass the "access user profiles" permission.
Drupal Drupal 4.6
Drupal Drupal 4.6.1
Drupal Drupal 4.5.2
Drupal Drupal 4.5.3
Drupal Drupal 4.5.4
Drupal Drupal 4.5.5
Drupal Drupal 4.5
Drupal Drupal 4.5.1
Drupal Drupal 4.6.2
Drupal Drupal 4.6.3
5.1
CVSSv2
CVE-2006-1228
Session fixation vulnerability in Drupal 4.5.x prior to 4.5.8 and 4.6.x prior to 4.5.8 allows remote malicious users to gain privileges by tricking a user to click on a URL that fixes the session identifier.
Drupal Drupal 4.5.0
Drupal Drupal 4.5.1
Drupal Drupal 4.6.0
Drupal Drupal 4.6.1
Drupal Drupal 4.5.2
Drupal Drupal 4.5.3
5
CVSSv2
CVE-2006-1225
CRLF injection vulnerability in Drupal 4.5.x prior to 4.5.8 and 4.6.x prior to 4.5.8 allows remote malicious users to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.
Drupal Drupal 4.5.3
Drupal Drupal 4.6.0
Drupal Drupal 4.6.1
Drupal Drupal 4.5.0
Drupal Drupal 4.5.1
Drupal Drupal 4.5.2
5
CVSSv2
CVE-2005-2106
Unknown vulnerability in Drupal 4.5.0 up to and including 4.5.3, 4.6.0, and 4.6.1 allows remote malicious users to execute arbitrary PHP code via a public comment or posting.
Drupal Drupal 4.5.3
Drupal Drupal 4.6.0
Drupal Drupal 4.6.1
Drupal Drupal 4.5.0
Drupal Drupal 4.5.1
Drupal Drupal 4.5.2
1 EDB exploit
4.6
CVSSv2
CVE-2006-1227
Drupal 4.5.x prior to 4.5.8 and 4.6.x prior to 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote malicious users to access administrator pages.
Drupal Drupal 4.5.6
Drupal Drupal 4.5.7
Drupal Drupal 4.5.2
Drupal Drupal 4.5.3
Drupal Drupal 4.6.2
Drupal Drupal 4.6.3
Drupal Drupal 4.5.0
Drupal Drupal 4.5.1
Drupal Drupal 4.6.0
Drupal Drupal 4.6.1
Drupal Drupal 4.5.4
Drupal Drupal 4.5.5
Drupal Drupal 4.6.4
Drupal Drupal 4.6.5
4.3
CVSSv2
CVE-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altFi...
Jqueryui Jquery Ui
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Netapp H300s Firmware -
Debian Debian Linux 9.0
Drupal Drupal
Oracle Hospitality Suite8 8.10.2
Oracle Weblogic Server 12.2.1.3.0
Oracle Primavera Unifier 17.7
Oracle Primavera Unifier 17.8
Oracle Primavera Unifier 17.9
Oracle Primavera Unifier 17.10
Oracle Primavera Unifier 17.11
4.3
CVSSv2
CVE-2021-41183
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text...
Jqueryui Jquery Ui
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Debian Debian Linux 9.0
Drupal Drupal
Oracle Hospitality Suite8 8.10.2
Oracle Weblogic Server 12.2.1.3.0
Oracle Agile Plm 9.3.6
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Weblogic Server 14.1.1.0.0
Oracle Banking Platform 2.9.0
4.3
CVSSv2
CVE-2021-41184
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option...
Jqueryui Jquery Ui
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Drupal Drupal
Tenable Tenable.sc
Oracle Hospitality Suite8 8.10.2
Oracle Weblogic Server 12.2.1.3.0
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Hospitality Materials Control 18.1
Oracle Agile Plm 9.3.6
Oracle Weblogic Server 12.2.1.4.0
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »