Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 6.6 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2009-2372
Drupal 6.x prior to 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via...
Drupal Drupal
6.4
CVSSv2
CVE-2016-3167
Open redirect vulnerability in the drupal_goto function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.4.7, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" para...
Drupal Drupal 6.36
Drupal Drupal 6.35
Drupal Drupal 6.34
Drupal Drupal 6.33
Drupal Drupal 6.20
Drupal Drupal 6.2
Drupal Drupal 6.19
Drupal Drupal 6.18
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.4
Drupal Drupal 6.32
Drupal Drupal 6.30
Drupal Drupal 6.29
Drupal Drupal 6.24
Drupal Drupal 6.22
Drupal Drupal 6.16
Drupal Drupal 6.14
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.8
Drupal Drupal 6.28
6
CVSSv2
CVE-2012-5653
The file upload feature in Drupal 6.x prior to 6.27 and 7.x prior to 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name.
Drupal Drupal 7.0
Drupal Drupal 7.3
Drupal Drupal 7.1
Drupal Drupal 7.8
Drupal Drupal 7.14
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.17
Drupal Drupal 7.16
Drupal Drupal 7.13
Drupal Drupal 7.12
Drupal Drupal 7.11
Drupal Drupal 7.10
Drupal Drupal 7.x-dev
Drupal Drupal 7.2
Drupal Drupal 7.7
Drupal Drupal 7.6
Drupal Drupal 7.9
Drupal Drupal 7.15
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Drupal Drupal 6.9
5.8
CVSSv2
CVE-2015-2749
Open redirect vulnerability in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Drupal Drupal 7.9
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.25
Drupal Drupal 7.27
Drupal Drupal 7.28
Drupal Drupal 7.29
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.16
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.32
Drupal Drupal 6.33
Drupal Drupal 6.34
Drupal Drupal 7.6
Drupal Drupal 7.8
Drupal Drupal 7.13
5.8
CVSSv2
CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
Drupal Drupal 7.1
Drupal Drupal 7.2
Drupal Drupal 7.3
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.33
Drupal Drupal 7.34
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 6.23
Drupal Drupal 6.24
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 7.5
Drupal Drupal 7.7
5.8
CVSSv2
CVE-2016-3164
Drupal 6.x prior to 6.38, 7.x prior to 7.43, and 8.x prior to 8.0.4 might allow remote malicious users to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
Drupal Drupal 8.0.3
Drupal Drupal 8.0.2
Drupal Drupal 8.0.1
Drupal Drupal 8.0.0
Drupal Drupal 7.32
Drupal Drupal 7.x-dev
Drupal Drupal 7.5
Drupal Drupal 7.38
Drupal Drupal 7.3
Drupal Drupal 7.28
Drupal Drupal 7.21
Drupal Drupal 7.2
Drupal Drupal 7.15
Drupal Drupal 7.13
Drupal Drupal 7.0
Drupal Drupal 6.8
Drupal Drupal 6.6
Drupal Drupal 6.32
Drupal Drupal 6.30
Drupal Drupal 6.24
Drupal Drupal 6.22
Drupal Drupal 6.18
5.5
CVSSv2
CVE-2010-3092
The upload module in Drupal 5.x prior to 5.23 and 6.x prior to 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different...
Drupal Drupal 5.0
Drupal Drupal 5.10
Drupal Drupal 5.11
Drupal Drupal 5.12
Drupal Drupal 5.13
Drupal Drupal 5.14
Drupal Drupal 5.2
Drupal Drupal 5.3
Drupal Drupal 5.4
Drupal Drupal 5.5
Drupal Drupal 5.19
Drupal Drupal 5.20
Drupal Drupal 5.21
Drupal Drupal 5.22
Drupal Drupal 5.1
Drupal Drupal 5.6
Drupal Drupal 5.8
Drupal Drupal 5.15
Drupal Drupal 5.17
Drupal Drupal 5.7
Drupal Drupal 5.9
Drupal Drupal 5.16
5.1
CVSSv2
CVE-2013-6385
The form API in Drupal 6.x prior to 6.29 and 7.x prior to 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote malicious users to trigger application-specific impacts such as arbitrary code e...
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.10
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.13
Drupal Drupal 6.14
Drupal Drupal 6.21
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.2
Drupal Drupal 6.20
Drupal Drupal 6.27
Drupal Drupal 6.28
Drupal Drupal 6.9
Drupal Drupal 6.22
Drupal Drupal 6.3
5
CVSSv2
CVE-2016-3163
The XML-RPC system in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might make it easier for remote malicious users to conduct brute-force attacks via a large number of calls made at once to the same method.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.7
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.0
Drupal Drupal 6.37
Drupal Drupal 6.8
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.26
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.10
Drupal Drupal 6.1
5
CVSSv2
CVE-2016-3165
The Form API in Drupal 6.x prior to 6.38 ignores access restrictions on submit buttons, which might allow remote malicious users to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-...
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.27
Drupal Drupal 6.26
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.11
Drupal Drupal 6.4
Drupal Drupal 6.7
Drupal Drupal 6.5
Drupal Drupal 6.33
Drupal Drupal 6.31
Drupal Drupal 6.3
Drupal Drupal 6.25
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.15
Drupal Drupal 6.10
Drupal Drupal 6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »