Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-2772
The Magic Tabs module 5.x prior to 5.x-1.1 for Drupal allows remote malicious users to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."
Drupal Magic Tabs Module 5
7.5
CVSSv2
CVE-2008-2629
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote malicious users to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
Lifetype Lifetype
1 EDB exploit
7.5
CVSSv2
CVE-2008-1731
The Simple Access module for Drupal 5.x up to and including 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote malicious users to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to i...
3281d Simple Access 5.x-1.1
3281d Simple Access 5.x-1.x-dev
3281d Simple Access 5.x-1.2
3281d Simple Access 5.x-1.2-1
3281d Simple Access 5.x-1.0
3281d Simple Access 5.x-1.0-beta1
7.5
CVSSv2
CVE-2007-6299
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x prior to 4.7.9 and 5.x prior to 5.4 allow remote malicious users to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ...
Drupal Drupal 4.4.1
Drupal Drupal 4.4.2
Drupal Drupal 4.5.5
Drupal Drupal 4.5.6
Drupal Drupal 4.6.2
Drupal Drupal 4.6.3
Drupal Drupal 4.7
Drupal Drupal 4.7.1
Drupal Drupal 4.7.8
Drupal Drupal 4.7 Rev1.15
Drupal Drupal 4.2.0 Rc
Drupal Drupal 4.4.0
Drupal Drupal 4.5.3
Drupal Drupal 4.5.4
Drupal Drupal 4.6.1
Drupal Drupal 4.6.10
Drupal Drupal 4.6.11
Drupal Drupal 4.6.8
Drupal Drupal 4.6.9
Drupal Drupal 4.7.6
Drupal Drupal 4.7.7
Drupal Drupal 4.0.0
7.5
CVSSv2
CVE-2007-5270
Unspecified vulnerability in the Boost module prior to 4.7.x-1.0, and 5.x prior to 5.x-1.0, for Drupal allows remote malicious users to create or overwrite arbitrary files, and conduct cross-site scripting attacks (XSS) via unspecified vectors.
Bendiken Boost Module For Drupal
7.5
CVSSv2
CVE-2007-2160
Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and prior to 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote malicious users to perform unauthorized actions as an arbitrary user, a related issue to CVE-200...
Drupal Database Administration Module 4.6
Drupal Database Administration Module 4.7
7.5
CVSSv2
CVE-2007-1033
Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote malicious users to bypass access restrictions via a crafted URL.
Drupal Secure Site Module 5.0
Drupal Secure Site Module 4.7
7.5
CVSSv2
CVE-2007-1035
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote malicious users to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vec...
Drupal Audio Module
Drupal Getid3 1.7.1
Drupal Mediafield Module
7.5
CVSSv2
CVE-2006-6528
The Chatroom Module prior to 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote malicious users to hijack sessions and gain privileges.
Drupal Chatroom Module
7.5
CVSSv2
CVE-2006-6529
The Chatroom Module prior to 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote malicious users to obtain sensitive information by reading the overview.
Drupal Chatroom Module 4.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »