Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 4.6 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0507
SQL injection vulnerability in the Acidfree module for Drupal prior to 4.6.x-1.0, and prior to 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.
Drupal Acidfree 4.6 1.0
Drupal Acidfree 4.7 1.0
NA
CVE-2006-4108
SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Drupal Bibliography Module
NA
CVE-2006-4109
Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Bibliography Module
NA
CVE-2006-4107
SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote malicious users to execute arbitrary SQL commands via a job or resume search.
Drupal Job Search 4.6 Rev1.3.2
NA
CVE-2006-4949
Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) prior to 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) prior to 1.2.2.1 allows remote malicious users to inject arbitrary web script or HTML via uns...
Drupal Site Profile Directory Module
NA
CVE-2008-5996
Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x prior to 5.x-1.5 and 6.x prior to 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter...
Link3 Simplenews
Link3 Simplenews 5.x-1.3
Link3 Simplenews 4.7.x-1.x-dev
Link3 Simplenews 4.6.x-1.x-dev
Link3 Simplenews 4.7.x-2.x-dev
Link3 Simplenews 5.x-1.x-dev
Link3 Simplenews 5.x-1.2
Link3 Simplenews 5.x-1.1
Link3 Simplenews 6.x-1.0
Link3 Simplenews 5.x-1.0
Link3 Simplenews 4.7.x-1.0
Link3 Simplenews 6.x-1.x-dev
NA
CVE-2010-2048
Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x prior to 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Menhir Heartbeat 6.x-4.7
Menhir Heartbeat 6.x-4.6
Menhir Heartbeat 6.x-4.1
Menhir Heartbeat 6.x-4.0
Menhir Heartbeat 6.x-2.3
Menhir Heartbeat 6.x-4.5
Menhir Heartbeat 6.x-4.4
Menhir Heartbeat 6.x-4.x
Menhir Heartbeat 6.x-3.3
Menhir Heartbeat 6.x-4.8
Menhir Heartbeat 6.x-4.3
Menhir Heartbeat 6.x-4.2
Menhir Heartbeat 6.x-3.2
Menhir Heartbeat 6.x-3.x
NA
CVE-2009-4525
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x prior to 5.x-4.9 and 6.x prior to 6.x-1.9, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via crafted data in a list of links.
Joao Ventura Print 5.x-4.7
Joao Ventura Print 5.x-4.2
Joao Ventura Print 5.x-4.1
Joao Ventura Print 6.x-1.5
Joao Ventura Print 6.x-1.6
Joao Ventura Print 6.x-1.7
Joao Ventura Print 6.x-1.0
Joao Ventura Print 5.x-4.5
Joao Ventura Print 5.x-4.4
Joao Ventura Print 6.x-1.1
Joao Ventura Print 6.x-1.2
Joao Ventura Print 5.x-4.8
Joao Ventura Print 5.x-4.6
Joao Ventura Print 5.x-4.0
Joao Ventura Print 6.x-1.x
Joao Ventura Print 5.x-4.3
Joao Ventura Print 5.x-4.x
Joao Ventura Print 6.x-1.3
Joao Ventura Print 6.x-1.4
NA
CVE-2009-4526
The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x prior to 5.x-4.9 and 6.x prior to 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote malicious users to read page titles by requesting a &...
Joao Ventura Print 5.x-4.7
Joao Ventura Print 6.x-1.3
Joao Ventura Print 6.x-1.4
Joao Ventura Print 6.x-1.5
Joao Ventura Print 6.x-1.6
Joao Ventura Print 5.x-4.3
Joao Ventura Print 5.x-4.x
Joao Ventura Print 5.x-4.2
Joao Ventura Print 5.x-4.1
Joao Ventura Print 6.x-1.0
Joao Ventura Print 5.x-4.8
Joao Ventura Print 5.x-4.5
Joao Ventura Print 6.x-1.2
Joao Ventura Print 6.x-1.7
Joao Ventura Print 5.x-4.6
Joao Ventura Print 5.x-4.4
Joao Ventura Print 5.x-4.0
Joao Ventura Print 6.x-1.1
Joao Ventura Print 6.x-1.x
NA
CVE-2009-3210
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x prior to 5.x-4.8 and 6.x prior to 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Joao Ventura Print 5.x-3.1
Joao Ventura Print 5.x-3.2
Joao Ventura Print 5.x-4.x-dev
Joao Ventura Print 5.x-4.1
Joao Ventura Print 6.x-1.x-dev
Joao Ventura Print 6.x-1.0
Joao Ventura Print 6.x-1.7
Joao Ventura Print 5.x-3.3
Joao Ventura Print 5.x-3.4
Joao Ventura Print 5.x-4.2
Joao Ventura Print 5.x-4.3
Joao Ventura Print 6.x-1.1
Joao Ventura Print 6.x-1.2
Joao Ventura Print 5.x-3.x-dev
Joao Ventura Print 5.x-3.0
Joao Ventura Print 5.x-3.7
Joao Ventura Print 5.x-4.0
Joao Ventura Print 5.x-4.7
Joao Ventura Print 5.x-2.2
Joao Ventura Print 6.x-1.5
Joao Ventura Print 6.x-1.6
Joao Ventura Print 5.x-3.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4