Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 5.3 vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2014-7980
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x prior to 7.x-3.3 and 7.x-5.x prior to 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip...
Drupal Zen 7.x-5.3
Drupal Zen 7.x-5.2
Drupal Zen 7.x-5.1
Drupal Zen 7.x-5.0
Drupal Zen 7.x-3.2
Drupal Zen 7.x-3.0
Drupal Zen 7.x-3.1
Drupal Zen 7.x-5.4
6.8
CVSSv2
CVE-2007-6752
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and previous versions allows remote malicious users to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by...
Drupal Drupal 4.6.0
Drupal Drupal 4.6
Drupal Drupal 7.0
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 4.6.5
Drupal Drupal 4.5.4
Drupal Drupal 6.0
Drupal Drupal 4.7.2
Drupal Drupal 4.6.10
Drupal Drupal 6.2
Drupal Drupal 5.17
Drupal Drupal 4.6.9
Drupal Drupal 5.13
Drupal Drupal 6.14
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 4.5.0
Drupal Drupal 5.12
Drupal Drupal 6.18
Drupal Drupal 5.2
Drupal Drupal 7.3
1 EDB exploit
5.1
CVSSv2
CVE-2007-5595
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x prior to 4.7.8 and 5.x prior to 5.3 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Drupal Drupal
4.3
CVSSv2
CVE-2007-5596
The core Upload module in Drupal 4.7.x prior to 4.7.8 and 5.x prior to 5.3 places the .html extension on a whitelist, which allows remote malicious users to conduct cross-site scripting (XSS) attacks by uploading .html files.
Drupal Drupal
4.3
CVSSv2
CVE-2007-5597
The hook_comments API in Drupal 4.7.x prior to 4.7.8 and 5.x prior to 5.3 does not pass publication status, which might allow malicious users to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2...
Drupal Drupal
6.8
CVSSv2
CVE-2007-5593
install.php in Drupal 5.x prior to 5.3, when the configured database server is not reachable, allows remote malicious users to execute arbitrary code via vectors that cause settings.php to be modified.
Drupal Drupal
Fedoraproject Fedora 7
4.3
CVSSv2
CVE-2007-5594
Drupal 5.x prior to 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote malicious users to delete users via a cross-site request forgery (CSRF) attack.
Drupal Drupal
Fedoraproject Fedora 7
3.5
CVSSv2
CVE-2015-7229
The Twitter module 6.x-5.x prior to 6.x-5.2, 7.x-5.x prior to 7.x-5.9, and 7.x-6.x prior to 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter"...
Twitter Project Twitter 7.x-5.1
Twitter Project Twitter 7.x-5.2
Twitter Project Twitter 7.x-5.3
Twitter Project Twitter 7.x-5.4
Twitter Project Twitter 7.x-6.0
Twitter Project Twitter 6.x-5.x
Twitter Project Twitter 7.x-5.0
Twitter Project Twitter 7.x-5.5
Twitter Project Twitter 7.x-5.7
Twitter Project Twitter 6.x-5.0
Twitter Project Twitter 6.x-5.1
Twitter Project Twitter 7.x-5.6
Twitter Project Twitter 7.x-5.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3