Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 5.x vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2010-2472
Locale module and dependent contributed modules in Drupal 6.x prior to 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an malicious user to perform a cross-site scripting (XSS) attack. Th...
Drupal Drupal
6.1
CVSSv3
CVE-2010-2471
Drupal versions 5.x and 6.x has open redirection
Drupal Drupal
Debian Debian Linux 5.0
NA
CVE-2007-5593
install.php in Drupal 5.x prior to 5.3, when the configured database server is not reachable, allows remote malicious users to execute arbitrary code via vectors that cause settings.php to be modified.
Drupal Drupal
Fedoraproject Fedora 7
NA
CVE-2007-5594
Drupal 5.x prior to 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote malicious users to delete users via a cross-site request forgery (CSRF) attack.
Drupal Drupal
Fedoraproject Fedora 7
NA
CVE-2008-6137
EveryBlog 5.x and 6.x, a module for Drupal, allows remote malicious users to bypass access restrictions via unknown vectors.
Drupal Everyblog 5.0
Drupal Everyblog 6.0
NA
CVE-2008-0571
The point moderation form in the Userpoints 4.7.x prior to 4.7.x-2.3, 5.x-2 prior to 5.x-2.16, and 5.x-3 prior to 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote malicious users to conduct cross-site request forgery (CSRF) a...
Drupal Userpoints Module 4.7
Drupal Userpoints Module 5.0
NA
CVE-2008-6134
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Drupal Everyblog 5.0
Drupal Everyblog 6.0
NA
CVE-2008-6135
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Everyblog 5.0
Drupal Everyblog 6.0
NA
CVE-2008-6136
Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote malicious users to gain privileges as another user or an administrator via unknown attack vectors.
Drupal Everyblog 6.0
Drupal Everyblog 5.0
NA
CVE-2009-2374
Drupal 5.x prior to 5.19 and 6.x prior to 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from...
Drupal Drupal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »