Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2007-0841
Multiple unspecified vulnerabilities in vbDrupal prior to 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.
Vbdrupal Vbdrupal 4.7.5.0
9.3
CVSSv2
CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker c...
Drupal Drupal
9.3
CVSSv2
CVE-2008-6171
includes/bootstrap.inc in Drupal 5.x prior to 5.12 and 6.x prior to 6.6, when the server is configured for "IP-based virtual hosts," allows remote malicious users to include and execute arbitrary files via the HTTP Host header.
Drupal Drupal 5.6
Drupal Drupal 5.5
Drupal Drupal 6.5
Drupal Drupal 6.3
Drupal Drupal 5.11
Drupal Drupal 5.8
Drupal Drupal 5.2
Drupal Drupal 5.1
Drupal Drupal 6.0
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 5.3
Drupal Drupal 6.2
Drupal Drupal 6.1
Drupal Drupal 5.9
Drupal Drupal 5.7
Drupal Drupal 5.0
Drupal Drupal 6.4
9.3
CVSSv2
CVE-2008-3001
The Aggregation module 5.x prior to 5.x-4.4 for Drupal allows remote malicious users to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.
Drupal Aggregation Module 3.2
Drupal Aggregation Module 4.0
Drupal Aggregation Module 4.3
Drupal Aggregation Module 5
Drupal Aggregation Module 3.0
Drupal Aggregation Module 3.1
Drupal Aggregation Module 4.1
Drupal Aggregation Module 4.2
8.5
CVSSv2
CVE-2016-3168
The System module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might allow remote malicious users to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerabili...
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.38
Drupal Drupal 7.37
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.20
Drupal Drupal 7.0
Drupal Drupal 6.9
Drupal Drupal 6.8
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.26
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.10
Drupal Drupal 6.1
Drupal Drupal 6.0
8.5
CVSSv2
CVE-2008-0277
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.
Drupal Fileshare Module 4.7.x
Drupal Fileshare Module 5.x
8.5
CVSSv2
CVE-2007-0505
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 up to and including 5.x prior to 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.
Drupal Project 4.7 1.1
Drupal Project 4.7 2.1
Drupal Project 4.6 1.1
Drupal Project 4.7
Drupal Project Issue Tracking Module 5.0
Drupal Project 5.0
Drupal Project Issue Tracking Module 4.7
Drupal Project 4.6
Drupal Project Issue Tracking Module 4.7 1.1
Drupal Project Issue Tracking Module 4.7 2.1
7.8
CVSSv2
CVE-2007-3690
The Forward module prior to 4.7-1.1 and 5.x prior to 5.x-1.0 for Drupal allows remote malicious users to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
Drupal Forward Module
7.8
CVSSv2
CVE-2007-3689
The Print module prior to 4.7-1.0 and 5.x prior to 5.x-1.2 for Drupal allows remote malicious users to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
Drupal Print Module
7.5
CVSSv2
CVE-2020-13675
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemente...
Drupal Drupal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »