Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 5.x vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2008-4147
Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x prior to 5.x-3.3 and 6.x prior to 6.x-1.3, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type.
Drupal Mailsave 5.x-2.x-dev
Drupal Mailsave 5.x-1.x-dev
Drupal Mailsave 5.x-3.0
Drupal Mailsave 5.x-2.0
Drupal Mailsave 5.x-3.x-dev
Drupal Mailsave
Drupal Mailsave 5.x-3.1
Drupal Mailsave 6.x-1.1
Drupal Mailsave 5.x-1.0
Drupal Mailsave 6.x-1.0
445
VMScore
CVE-2010-3091
The OpenID module in Drupal 6.x prior to 6.18, and the OpenID module 5.x prior to 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote malicious users to bypass authentication by leveraging an assertion from an Open...
Drupal Drupal 6.0
Drupal Drupal 6.3
Drupal Drupal 6.4
Drupal Drupal 6.5
Drupal Drupal 6.6
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.13
Drupal Drupal 6.14
Drupal Drupal 6.1
Drupal Drupal 6.16
Drupal Drupal 6.2
Drupal Drupal 6.7
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 6.15
Drupal Drupal 6.17
Drupal Drupal 6.8
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.2
Peter Wolanin Openid 5.x-1.3
Peter Wolanin Openid 5.x-1.x
445
VMScore
CVE-2010-3686
The OpenID module in Drupal 6.x prior to 6.18, and the OpenID module 5.x prior to 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote malicious users to bypass authentication by leveraging an assertion from an OpenID pr...
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.10
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.9
Drupal Drupal 6.13
Drupal Drupal 6.15
Drupal Drupal 6.6
Drupal Drupal 6.8
Drupal Drupal 6.17
Drupal Drupal 6.2
Drupal Drupal 6.3
Drupal Drupal 6.4
Drupal Drupal 6.14
Drupal Drupal 6.16
Drupal Drupal 6.5
Drupal Drupal 6.7
Peter Wolanin Openid 5.x-1.0
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.2
Peter Wolanin Openid 5.x-1.x
445
VMScore
CVE-2010-3685
The OpenID module in Drupal 6.x prior to 6.18, and the OpenID module 5.x prior to 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote malicious users to bypass authentication by leveraging an assertio...
Drupal Drupal 6.1
Drupal Drupal 6.10
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.0
Drupal Drupal 6.13
Drupal Drupal 6.15
Drupal Drupal 6.6
Drupal Drupal 6.8
Drupal Drupal 6.17
Drupal Drupal 6.2
Drupal Drupal 6.3
Drupal Drupal 6.4
Drupal Drupal 6.14
Drupal Drupal 6.16
Drupal Drupal 6.5
Drupal Drupal 6.7
Drupal Drupal 6.9
Peter Wolanin Openid 5.x-1.0
Peter Wolanin Openid 5.x-1.1
Peter Wolanin Openid 5.x-1.2
Peter Wolanin Openid 5.x-1.x
312
VMScore
CVE-2008-6229
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x prior to 5.x-1.10 and 6.x prior to 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbit...
Drupal Content Construction Kit 5.x-1.6
Drupal Content Construction Kit 5.x-1.7
Drupal Content Construction Kit 6.x-1.x-dev
Drupal Content Construction Kit 5.x-1.2
Drupal Content Construction Kit 5.x-1.3
Drupal Content Construction Kit 5.x-1.0
Drupal Content Construction Kit 5.x-1.4
Drupal Content Construction Kit 5.x-1.5
Drupal Content Construction Kit 5.x-1.x-dev
Drupal Content Construction Kit 6.x-1.0
Drupal Content Construction Kit 5.x-1.1
Drupal Content Construction Kit 5.x-1.8
Drupal Content Construction Kit 5.x-1.9
312
VMScore
CVE-2009-0817
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x prior to 5.x-1.4 and 6.x prior to 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Pa...
Drupal Protected Node Module 5.x
Drupal Protected Node Module 5.x-1.0
Drupal Protected Node Module 5.x-1.2
Drupal Protected Node Module 5.x-1.3
Drupal Protected Node Module 5.x-1.x-dev
Drupal Protected Node Module 6.x-1.0
Drupal Protected Node Module 6.x-1.2
Drupal Protected Node Module 6.x-1.3
Drupal Protected Node Module 6.x-1.4
534
VMScore
CVE-2008-6383
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x prior to 5.x-1.14 and 6.x prior to 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.
Drupal Storm 5.x-1.13
Drupal Storm 5.x-1.7
Drupal Storm 5.x-1.4
Drupal Storm 6.x-1.16
Drupal Storm 6.x-1.15
Drupal Storm 6.x-1.14
Drupal Storm 6.x-1.7
Drupal Storm 6.x-1.8
Drupal Storm 6.x-1.x-dev
Drupal Storm 5.x-1.12
Drupal Storm 5.x-1.11
Drupal Storm 5.x-1.5
Drupal Storm 5.x-1.3
Drupal Storm 6.x-1.13
Drupal Storm 6.x-1.12
Drupal Storm 6.x-1.4
Drupal Storm 6.x-1.5
Drupal Storm 5.x-1.8
Drupal Storm 5.x-1.6
Drupal Storm 5.x-1.x-dev
Drupal Storm 6.x-1.17
Drupal Storm 6.x-1.9
668
VMScore
CVE-2009-1507
The Node Access User Reference module 5.x prior to 5.x-2.0-beta4 and 6.x prior to 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote malicious users to bypass intended access restrictions to re...
Drupal Nodeaccess Userreference 5.x-1.3
Drupal Nodeaccess Userreference 5.x-1.0
Drupal Nodeaccess Userreference 6.x-2.0
Drupal Nodeaccess Userreference 6.x-1.1
Drupal Nodeaccess Userreference 6.x-1.0
Drupal Nodeaccess Userreference 5.x-1.1
Drupal Nodeaccess Userreference 5.x-1.2
Drupal Nodeaccess Userreference 6.x-1.4
Drupal Nodeaccess Userreference 6.x-1.2
Drupal Nodeaccess Userreference 5.x-1.4
Drupal Nodeaccess Userreference 5.x-2.0
Drupal Nodeaccess Userreference 6.x-1.7
Drupal Nodeaccess Userreference 6.x-1.6
Drupal Nodeaccess Userreference 6.x-1.5
668
VMScore
CVE-2008-4148
SQL injection vulnerability in the Mailhandler module 5.x prior to 5.x-1.4 and 6.x prior to 6.x-1.4, a module for Drupal, allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.
Drupal Mailhandler
Drupal Mailhandler 6.x-1.2
Drupal Mailhandler 5.x-1.0
Drupal Mailhandler 5.x-1.x-dev
Drupal Mailhandler 5.x-1.2
Drupal Mailhandler 5.x-1.1
Drupal Mailhandler 6.x-1.x-dev
Drupal Mailhandler 6.x-1.1
Drupal Mailhandler 6.x-1.0
383
VMScore
CVE-2009-0575
Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x prior to 5.x-1.3 and 6.x prior to 6.x-1.4, a module for Drupal, allows remote malicious users to inject arbitrary web scr...
Drupal Views Bulk Operations 5.x-1.0beta3
Drupal Views Bulk Operations 6.x-1.1
Drupal Views Bulk Operations 6.x-1.2
Drupal Views Bulk Operations 5.x-1.0beta1
Drupal Views Bulk Operations 5.x-1.1
Drupal Views Bulk Operations
Drupal Views Bulk Operations 6.x-1.0
Drupal Views Bulk Operations 5.x-1.0beta4
Drupal Views Bulk Operations 5.x-1.0beta5
Drupal Views Bulk Operations 5.x-1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »