Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 4.7 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0505
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 up to and including 5.x prior to 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.
Drupal Project 4.7 1.1
Drupal Project 4.7 2.1
Drupal Project 4.6 1.1
Drupal Project 4.7
Drupal Project Issue Tracking Module 5.0
Drupal Project 5.0
Drupal Project Issue Tracking Module 4.7
Drupal Project 4.6
Drupal Project Issue Tracking Module 4.7 1.1
Drupal Project Issue Tracking Module 4.7 2.1
NA
CVE-2007-0506
The project_issue_access function in the Project issue tracking 4.7.0 up to and including 5.x prior to 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue informat...
Drupal Project 4.6
Drupal Project 4.6 1.1
Drupal Project 4.7
Drupal Project Issue Tracking Module 5.0
Drupal Project Issue Tracking Module 4.7 1.1
Drupal Project Issue Tracking Module 4.7 2.1
Drupal Project 4.7 1.1
Drupal Project 4.7 2.1
Drupal Project 5.0
Drupal Project Issue Tracking Module 4.7
NA
CVE-2006-4360
Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
Drupal Drupal E-commerce Module 4.7
NA
CVE-2006-6646
Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters, which do not use t...
Drupal Drupal Project 4.6 1.0
Drupal Drupal Project 4.7
Drupal Drupal Project Issue Tracking 4.7 1.0
Drupal Drupal Project Issue Tracking 4.7 2.0
Drupal Drupal Project 4.6
Drupal Drupal Project 4.7 1.0
Drupal Drupal Project 4.7 2.0
NA
CVE-2007-0124
Unspecified vulnerability in Drupal prior to 4.6.11, and 4.7 prior to 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
Drupal Drupal 4.6.4
Drupal Drupal 4.6.5
Drupal Drupal 4.6.2
Drupal Drupal 4.6.3
Drupal Drupal 4.7
Drupal Drupal 4.7.0
Drupal Drupal 4.7.1
Drupal Drupal 4.7.2
Drupal Drupal 4.6.1
Drupal Drupal 4.6.10
Drupal Drupal 4.6.8
Drupal Drupal 4.6.9
Drupal Drupal 4.6
Drupal Drupal 4.6.0
Drupal Drupal 4.6.6
Drupal Drupal 4.6.7
Drupal Drupal 4.7.3
Drupal Drupal 4.7.4
NA
CVE-2006-2743
Drupal 4.6.x prior to 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote malicious users to upload, modify, or execute arbitrary files in the files directory.
Drupal Drupal 4.6.3
Drupal Drupal 4.6.4
Drupal Drupal 4.6.1
Drupal Drupal 4.6.2
Drupal Drupal 4.6.5
Drupal Drupal 4.6.6
Drupal Drupal 4.7.0
Drupal Drupal 4.6
Drupal Drupal 4.6.0
1 EDB exploit
NA
CVE-2008-0571
The point moderation form in the Userpoints 4.7.x prior to 4.7.x-2.3, 5.x-2 prior to 5.x-2.16, and 5.x-3 prior to 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote malicious users to conduct cross-site request forgery (CSRF) a...
Drupal Userpoints Module 4.7
Drupal Userpoints Module 5.0
NA
CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module prior to 4.7.x-1.5, and 5.x prior to 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote auth...
Drupal Drupal 5.2
Drupal E-commerce Module
Drupal Token Module
Drupal Asin Field Module
Drupal Drupal 4.7
Drupal Node Relativity Module
Drupal Pathauto Module
Drupal Drupal 5.0
Drupal Drupal 5.1
Drupal Paypal Node Module
Drupal Ubercart Module
Drupal Fullname Field For Cck
Drupal Invite Module
NA
CVE-2008-0568
Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote malicious users to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker.
Drupal Secure Site Module 5.0
Drupal Secure Site Module 4.7
NA
CVE-2008-0569
The Comment Upload 4.7.x prior to 4.7.x-0.1 and 5.x prior to 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote malicious users to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspec...
Drupal Comment Upload Module 4.7
Drupal Comment Upload Module 5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »