Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 6.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6135
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Everyblog 6.0
Drupal Everyblog 5.0
NA
CVE-2008-6136
Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote malicious users to gain privileges as another user or an administrator via unknown attack vectors.
Drupal Everyblog 5.0
Drupal Everyblog 6.0
NA
CVE-2008-6137
EveryBlog 5.x and 6.x, a module for Drupal, allows remote malicious users to bypass access restrictions via unknown vectors.
Drupal Everyblog 6.0
Drupal Everyblog 5.0
5.9
CVSSv3
CVE-2016-3166
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.1.2, allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submit...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 6.31
Drupal Drupal 6.30
Drupal Drupal 6.3
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.16
Drupal Drupal 6.15
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.4
Drupal Drupal 6.36
Drupal Drupal 6.23
Drupal Drupal 6.22
Drupal Drupal 6.21
Drupal Drupal 6.20
Drupal Drupal 6.9
Drupal Drupal 6.7
7.4
CVSSv3
CVE-2016-3167
Open redirect vulnerability in the drupal_goto function in Drupal 6.x prior to 6.38, when used with PHP prior to 5.4.7, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" para...
Drupal Drupal 6.36
Drupal Drupal 6.35
Drupal Drupal 6.34
Drupal Drupal 6.33
Drupal Drupal 6.20
Drupal Drupal 6.2
Drupal Drupal 6.19
Drupal Drupal 6.18
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.4
Drupal Drupal 6.32
Drupal Drupal 6.30
Drupal Drupal 6.29
Drupal Drupal 6.24
Drupal Drupal 6.22
Drupal Drupal 6.16
Drupal Drupal 6.14
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.8
Drupal Drupal 6.28
8.1
CVSSv3
CVE-2016-3171
Drupal 6.x prior to 6.38, when used with PHP prior to 5.4.45, 5.5.x prior to 5.5.29, or 5.6.x prior to 5.6.13, might allow remote malicious users to execute arbitrary code via vectors related to session data truncation.
Drupal Drupal 6.37
Drupal Drupal 6.8
Drupal Drupal 6.36
Drupal Drupal 6.34
Drupal Drupal 6.28
Drupal Drupal 6.26
Drupal Drupal 6.2
Drupal Drupal 6.18
Drupal Drupal 6.13
Drupal Drupal 6.11
Drupal Drupal 6.0
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.4
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.22
Drupal Drupal 6.21
Drupal Drupal 6.1
Drupal Drupal 6.32
NA
CVE-2012-5651
Drupal 6.x prior to 6.27 and 7.x prior to 7.18 displays information for blocked users, which might allow remote malicious users to obtain sensitive information by reading the search results.
Drupal Drupal 6.0
Drupal Drupal 6.10
Drupal Drupal 6.5
Drupal Drupal 6.3
Drupal Drupal 6.23
Drupal Drupal 6.9
Drupal Drupal 6.25
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.4
Drupal Drupal 6.17
Drupal Drupal 6.16
Drupal Drupal 6.6
Drupal Drupal 6.18
Drupal Drupal 6.11
Drupal Drupal 6.7
Drupal Drupal 6.20
Drupal Drupal 6.19
Drupal Drupal 6.12
Drupal Drupal 6.15
Drupal Drupal 6.8
Drupal Drupal 6.2
NA
CVE-2013-6386
Drupal 6.x prior to 6.29 and 7.x prior to 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote malicious users to predict security strings and bypass intended restrictions via a brute force attack.
Drupal Drupal 7.0
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.19
Drupal Drupal 7.2
Drupal Drupal 7.x-dev
Drupal Drupal 7.23
Drupal Drupal 7.13
Drupal Drupal 7.14
Drupal Drupal 7.3
Drupal Drupal 7.4
Drupal Drupal 7.5
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.6
Drupal Drupal 7.7
Drupal Drupal 7.20
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.17
NA
CVE-2013-6385
The form API in Drupal 6.x prior to 6.29 and 7.x prior to 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote malicious users to trigger application-specific impacts such as arbitrary code e...
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.10
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.13
Drupal Drupal 6.14
Drupal Drupal 6.21
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.2
Drupal Drupal 6.20
Drupal Drupal 6.27
Drupal Drupal 6.28
Drupal Drupal 6.9
Drupal Drupal 6.22
Drupal Drupal 6.3
NA
CVE-2013-0244
Cross-site scripting (XSS) vulnerability in Drupal 6.x prior to 6.28 and 7.x prior to 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote malicious users to inject arbitrary web script or HTML via vectors involving unspecified Java...
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.18
Drupal Drupal 7.2
Drupal Drupal 7.9
Drupal Drupal 7.x-dev
Drupal Drupal 7.14
Drupal Drupal 7.15
Drupal Drupal 7.5
Drupal Drupal 7.6
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.7
Drupal Drupal 7.8
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.13
Drupal Drupal 7.3
Drupal Drupal 7.4
Drupal Drupal 6.0
Drupal Drupal 6.13
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »