Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2007-0841
Multiple unspecified vulnerabilities in vbDrupal prior to 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.
Vbdrupal Vbdrupal 4.7.5.0
9.3
CVSSv2
CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker c...
Drupal Drupal
9.3
CVSSv2
CVE-2008-6171
includes/bootstrap.inc in Drupal 5.x prior to 5.12 and 6.x prior to 6.6, when the server is configured for "IP-based virtual hosts," allows remote malicious users to include and execute arbitrary files via the HTTP Host header.
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 6.2
Drupal Drupal 5.2
Drupal Drupal 5.7
Drupal Drupal 6.4
Drupal Drupal 5.0
Drupal Drupal 6.1
Drupal Drupal 5.6
Drupal Drupal 5.1
Drupal Drupal 6.5
Drupal Drupal 5.5
Drupal Drupal 6.0
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.3
Drupal Drupal 6.3
Drupal Drupal 5.11
9.3
CVSSv2
CVE-2008-3001
The Aggregation module 5.x prior to 5.x-4.4 for Drupal allows remote malicious users to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.
Drupal Aggregation Module 5
Drupal Aggregation Module 3.2
Drupal Aggregation Module 4.0
Drupal Aggregation Module 4.1
Drupal Aggregation Module 4.3
Drupal Aggregation Module 4.2
Drupal Aggregation Module 3.1
Drupal Aggregation Module 3.0
8.5
CVSSv2
CVE-2016-3168
The System module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might allow remote malicious users to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerabili...
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
8.5
CVSSv2
CVE-2008-0277
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.
Drupal Fileshare Module 4.7.x
Drupal Fileshare Module 5.x
8.5
CVSSv2
CVE-2007-0505
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 up to and including 5.x prior to 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.
Drupal Project Issue Tracking Module 4.7
Drupal Project 5.0
Drupal Project Issue Tracking Module 5.0
Drupal Project 4.7 2.1
Drupal Project Issue Tracking Module 4.7 2.1
Drupal Project 4.6
Drupal Project 4.7 1.1
Drupal Project 4.6 1.1
Drupal Project Issue Tracking Module 4.7 1.1
Drupal Project 4.7
7.8
CVSSv2
CVE-2007-3689
The Print module prior to 4.7-1.0 and 5.x prior to 5.x-1.2 for Drupal allows remote malicious users to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
Drupal Print Module
7.8
CVSSv2
CVE-2007-3690
The Forward module prior to 4.7-1.1 and 5.x prior to 5.x-1.0 for Drupal allows remote malicious users to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
Drupal Forward Module
7.5
CVSSv2
CVE-2020-13675
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemente...
Drupal Drupal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »