Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 6 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2008-10004
A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack ...
Email Registration Project Email Registration 5.x-2.1
9.8
CVSSv3
CVE-2013-2198
The Login Security module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3 for Drupal allows malicious users to bypass intended restrictions via a crafted username.
Login Security Project Login Security
Login Security Project Login Security 6.x-1.0
Login Security Project Login Security 6.x-1.x
Login Security Project Login Security 7.x-1.x
9.8
CVSSv3
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Drupal 6.20
Drupal Data 6.x-1.0
9.8
CVSSv3
CVE-2018-7600
Drupal prior to 7.58, 8.x prior to 8.3.9, 8.4.x prior to 8.4.6, and 8.5.x prior to 8.5.1 allows remote malicious users to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
3 EDB exploits
65 Github repositories
2 Articles
8.8
CVSSv3
CVE-2012-2079
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
8.1
CVSSv3
CVE-2016-5385
PHP up to and including 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirec...
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager Ops Center 12.3.2
Oracle Communications User Data Repository 10.0.1
Oracle Linux 6
Oracle Linux 7
Oracle Communications User Data Repository 12.0.0
Oracle Communications User Data Repository 10.0.0
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Hp Storeever Msl6480 Tape Library Firmware
Hp System Management Homepage
Php Php
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Debian Debian Linux 8.0
Opensuse Leap 42.1
Drupal Drupal
1 Github repository
1 Article
8.1
CVSSv3
CVE-2016-3169
The User module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 allows remote malicious users to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
8.1
CVSSv3
CVE-2016-3171
Drupal 6.x prior to 6.38, when used with PHP prior to 5.4.45, 5.5.x prior to 5.5.29, or 5.6.x prior to 5.6.13, might allow remote malicious users to execute arbitrary code via vectors related to session data truncation.
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.3
Drupal Drupal 6.4
Drupal Drupal 6.5
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.13
Drupal Drupal 6.14
Drupal Drupal 6.15
Drupal Drupal 6.16
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.20
Drupal Drupal 6.21
7.5
CVSSv3
CVE-2015-7875
ctools 6.x-1.x prior to 6.x-1.14 and 7.x-1.x prior to 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
Chaos Tool Suite Project Ctools 7.x-1.0
Chaos Tool Suite Project Ctools 6.x-1.0
Chaos Tool Suite Project Ctools 6.x-1.1
Chaos Tool Suite Project Ctools 7.x-1.1
Chaos Tool Suite Project Ctools 6.x-1.7
Chaos Tool Suite Project Ctools 7.x-1.6
Chaos Tool Suite Project Ctools 6.x-1.6
Chaos Tool Suite Project Ctools 7.x-1.x
Chaos Tool Suite Project Ctools 6.x-1.4
Chaos Tool Suite Project Ctools 6.x-1.9
Chaos Tool Suite Project Ctools 7.x-1.3
Chaos Tool Suite Project Ctools 7.x-1.4
Chaos Tool Suite Project Ctools 6.x-1.x
Chaos Tool Suite Project Ctools 6.x-1.11
Chaos Tool Suite Project Ctools 6.x-1.2
Chaos Tool Suite Project Ctools 6.x-1.5
Chaos Tool Suite Project Ctools 7.x-1.2
Chaos Tool Suite Project Ctools 6.x-1.13
Chaos Tool Suite Project Ctools 6.x-1.3
Chaos Tool Suite Project Ctools 6.x-1.8
Chaos Tool Suite Project Ctools 6.x-1.12
Chaos Tool Suite Project Ctools 7.x-1.5
7.5
CVSSv3
CVE-2016-3165
The Form API in Drupal 6.x prior to 6.38 ignores access restrictions on submit buttons, which might allow remote malicious users to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-...
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 6.2
Drupal Drupal 6.14
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 6.4
Drupal Drupal 6.11
Drupal Drupal 6.36
Drupal Drupal 6.35
Drupal Drupal 6.26
Drupal Drupal 6.30
Drupal Drupal 6.7
Drupal Drupal 6.22
Drupal Drupal 6.8
Drupal Drupal 6.27
Drupal Drupal 6.19
Drupal Drupal 6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »