Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 5.4 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2013-4275
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x prior to 7.x-3.2, and 7.x-5.x prior to 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitr...
Zen Project Zen
NA
CVE-2015-7229
The Twitter module 6.x-5.x prior to 6.x-5.2, 7.x-5.x prior to 7.x-5.9, and 7.x-6.x prior to 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter"...
Twitter Project Twitter 6.x-5.0
Twitter Project Twitter 7.x-6.0
Twitter Project Twitter 7.x-5.4
Twitter Project Twitter 6.x-5.x
Twitter Project Twitter 7.x-5.1
Twitter Project Twitter 7.x-5.7
Twitter Project Twitter 7.x-5.0
Twitter Project Twitter 7.x-5.3
Twitter Project Twitter 7.x-5.6
Twitter Project Twitter 6.x-5.1
Twitter Project Twitter 7.x-5.2
Twitter Project Twitter 7.x-5.5
Twitter Project Twitter 7.x-5.8
NA
CVE-2014-7980
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x prior to 7.x-3.3 and 7.x-5.x prior to 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip...
Drupal Zen 7.x-5.3
Drupal Zen 7.x-5.0
Drupal Zen 7.x-5.1
Drupal Zen 7.x-5.4
Drupal Zen 7.x-3.1
Drupal Zen 7.x-3.2
Drupal Zen 7.x-5.2
Drupal Zen 7.x-3.0
NA
CVE-2012-2922
The request_path function in includes/bootstrap.inc in Drupal 7.14 and previous versions allows remote malicious users to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
Drupal Drupal 7.0
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 5.17
Drupal Drupal 5.13
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 5.12
Drupal Drupal 6.18
Drupal Drupal 5.2
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 5.7
Drupal Drupal 7.8
Drupal Drupal 6.4
Drupal Drupal 7.5
Drupal Drupal 5.23
Drupal Drupal 5.0
Drupal Drupal 6.11
Drupal Drupal 7.10
NA
CVE-2007-6752
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and previous versions allows remote malicious users to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by...
Drupal Drupal 4.6.0
Drupal Drupal 4.6
Drupal Drupal 7.0
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 4.6.5
Drupal Drupal 4.5.4
Drupal Drupal 6.0
Drupal Drupal 4.7.2
Drupal Drupal 4.6.10
Drupal Drupal 6.2
Drupal Drupal 5.17
Drupal Drupal 4.6.9
Drupal Drupal 5.13
Drupal Drupal 6.14
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 4.5.0
Drupal Drupal 5.12
Drupal Drupal 6.18
Drupal Drupal 5.2
Drupal Drupal 7.3
1 EDB exploit
NA
CVE-2010-3092
The upload module in Drupal 5.x prior to 5.23 and 6.x prior to 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different...
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 5.17
Drupal Drupal 5.13
Drupal Drupal 5.12
Drupal Drupal 5.2
Drupal Drupal 5.7
Drupal Drupal 5.0
Drupal Drupal 5.16
Drupal Drupal 5.15
Drupal Drupal 5.18
Drupal Drupal 5.21
Drupal Drupal 5.22
Drupal Drupal 5.6
Drupal Drupal 5.1
Drupal Drupal 5.19
Drupal Drupal 5.5
Drupal Drupal 5.14
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.3
Drupal Drupal 5.11
NA
CVE-2010-3093
The comment module in Drupal 5.x prior to 5.23 and 6.x prior to 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 5.17
Drupal Drupal 5.13
Drupal Drupal 5.12
Drupal Drupal 5.2
Drupal Drupal 5.7
Drupal Drupal 5.0
Drupal Drupal 5.16
Drupal Drupal 5.15
Drupal Drupal 5.18
Drupal Drupal 5.21
Drupal Drupal 5.22
Drupal Drupal 5.6
Drupal Drupal 5.1
Drupal Drupal 5.19
Drupal Drupal 5.5
Drupal Drupal 5.14
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.3
Drupal Drupal 5.11
NA
CVE-2009-4369
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x prior to 5.21 and 6.x prior to 6.15 allows remote authenticated users with "administer site-wide contact form" permiss...
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 5.17
Drupal Drupal 5.13
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 5.12
Drupal Drupal 5.2
Drupal Drupal 6.12
Drupal Drupal 5.7
Drupal Drupal 6.4
Drupal Drupal 5.0
Drupal Drupal 6.11
Drupal Drupal 5.16
Drupal Drupal 5.15
Drupal Drupal 5.x
Drupal Drupal 5.18
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.1
NA
CVE-2009-2373
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x prior to 6.13 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 5.13
Drupal Drupal 5.12
Drupal Drupal 5.2
Drupal Drupal 6.12
Drupal Drupal 5.7
Drupal Drupal 6.4
Drupal Drupal 5.0
Drupal Drupal 6.11
Drupal Drupal 5.1 Rev1.1
Drupal Drupal 5.16
Drupal Drupal 5.15
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.1
Drupal Drupal 5.6
Drupal Drupal 5.1
Drupal Drupal 6.5
Drupal Drupal 5.5
NA
CVE-2009-1844
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x prior to 5.18 and 6.x prior to 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not...
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 6.2
Drupal Drupal 5.13
Drupal Drupal 5.12
Drupal Drupal 5.2
Drupal Drupal 5.7
Drupal Drupal 6.4
Drupal Drupal 6.11
Drupal Drupal 5.16
Drupal Drupal 5.0
Drupal Drupal 5.15
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.1
Drupal Drupal 5.6
Drupal Drupal 5.1
Drupal Drupal 6.5
Drupal Drupal 5.5
Drupal Drupal 6.10
Drupal Drupal 6.6
Drupal Drupal 6.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »