Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 7.5 vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2012-1589
Open redirect vulnerability in the Form API in Drupal 7.x prior to 7.13 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
Drupal Drupal 7.0
Drupal Drupal 7.8
Drupal Drupal 7.7
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.12
Drupal Drupal 7.11
Drupal Drupal 7.4
Drupal Drupal 7.3
Drupal Drupal 7.10
Drupal Drupal 7.9
Drupal Drupal 7.2
Drupal Drupal 7.1
Drupal Drupal 7.x-dev
5.1
CVSSv2
CVE-2013-6385
The form API in Drupal 6.x prior to 6.29 and 7.x prior to 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote malicious users to trigger application-specific impacts such as arbitrary code e...
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.10
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.13
Drupal Drupal 6.14
Drupal Drupal 6.21
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.2
Drupal Drupal 6.20
Drupal Drupal 6.27
Drupal Drupal 6.28
Drupal Drupal 6.9
Drupal Drupal 6.22
Drupal Drupal 6.3
5
CVSSv2
CVE-2011-2726
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent no...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 14
Fedoraproject Fedora 15
Fedoraproject Fedora 16
5
CVSSv2
CVE-2016-6212
The Views module 7.x-3.x prior to 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x prior to 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors.
Drupal Drupal 7.39
Drupal Drupal 7.0
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 7.30
Drupal Drupal 7.31
Drupal Drupal 7.38
Drupal Drupal 7.4
Drupal Drupal 7.9
Drupal Drupal 7.x-dev
Drupal Drupal 7.43
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.25
Drupal Drupal 7.26
Drupal Drupal 7.32
Drupal Drupal 7.33
Drupal Drupal 7.40
5
CVSSv2
CVE-2016-3163
The XML-RPC system in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might make it easier for remote malicious users to conduct brute-force attacks via a large number of calls made at once to the same method.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.7
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.0
Drupal Drupal 6.37
Drupal Drupal 6.8
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.26
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.10
Drupal Drupal 6.1
5
CVSSv2
CVE-2016-3170
The "have you forgotten your password" links in the User module in Drupal 7.x prior to 7.43 and 8.x prior to 8.0.4 allow remote malicious users to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a modu...
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Drupal Drupal 8.0.3
Drupal Drupal 8.0.2
Drupal Drupal 8.0
Drupal Drupal 7.42
Drupal Drupal 7.41
Drupal Drupal 7.40
Drupal Drupal 7.33
Drupal Drupal 7.19
Drupal Drupal 7.18
Drupal Drupal 7.17
Drupal Drupal 7.16
Drupal Drupal 7.0
Drupal Drupal 7.x-dev
Drupal Drupal 7.9
Drupal Drupal 7.8
Drupal Drupal 7.7
Drupal Drupal 7.27
Drupal Drupal 7.26
Drupal Drupal 7.25
Drupal Drupal 7.24
5
CVSSv2
CVE-2015-6661
Drupal 6.x prior to 6.37 and 7.x prior to 7.39 allows remote malicious users to obtain sensitive node titles by reading the menu.
Drupal Drupal 6.0
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.2
Drupal Drupal 6.20
Drupal Drupal 6.27
Drupal Drupal 6.28
Drupal Drupal 6.34
Drupal Drupal 6.35
Drupal Drupal 7.0
Drupal Drupal 6.15
Drupal Drupal 6.16
Drupal Drupal 6.17
Drupal Drupal 6.23
Drupal Drupal 6.24
Drupal Drupal 6.30
Drupal Drupal 6.31
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 7.14
Drupal Drupal 7.15
Drupal Drupal 7.21
5
CVSSv2
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
5
CVSSv2
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
5
CVSSv2
CVE-2014-5019
The multisite feature in Drupal 6.x prior to 6.32 and 7.x prior to 7.29 allows remote malicious users to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
Drupal Drupal 7.28
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.24
Drupal Drupal 7.25
Drupal Drupal 7.26
Drupal Drupal 7.27
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.2
Drupal Drupal 7.8
Drupal Drupal 7.9
Drupal Drupal 7.x-dev
Drupal Drupal 7.13
Drupal Drupal 7.15
Drupal Drupal 7.21
Drupal Drupal 7.23
Drupal Drupal 7.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »