Vulmon
drupal upload module vulnerabilities and exploits
VMScore: 775
CVE-2005-1921
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and previous versions (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and previous versions, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6)...
Php Xml Rpc
Gggeek Phpxmlrpc
Drupal Drupal
Tiki Tikiwiki Cms/groupware
Debian Debian Linux 3.1
5 EDB exploits
VMScore: 578
CVE-2015-2087
Unrestricted file upload vulnerability in the Avatar Uploader module prior to 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.
Avatar Uploader Project Avatar Uploader
VMScore: 312
CVE-2010-0697
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x prior to 6.x-1.2 and 6.x-2.x prior to 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an...
Ilya Ivanchenko Itweak Upload 6.x-2.1
Ilya Ivanchenko Itweak Upload 6.x-2.0
Ilya Ivanchenko Itweak Upload 6.x-2.x-dev
Ilya Ivanchenko Itweak Upload 6.x-2.2
Ilya Ivanchenko Itweak Upload 6.x-1.0
Ilya Ivanchenko Itweak Upload 6.x-1.1
Ilya Ivanchenko Itweak Upload 6.x-1.x-dev
VMScore: 454
CVE-2012-4472
Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and previous versions for Drupal allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then acce...
David Alkire Drag & Drop Gallery
VMScore: 534
CVE-2013-0206
Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x prior to 6.x-2.1 and 7.x-2.x prior to 7.x-2.7 for Drupal allows remote authenticated users with the "administer CSS" permissions to execute arbitrary code by uploading a file with an executable extens...
Guy Bedford Live Css 7.x-2.5
Guy Bedford Live Css 7.x-2.4
Guy Bedford Live Css 7.x-2.3
Guy Bedford Live Css 7.x-2.2
Guy Bedford Live Css 6.x-2.0
Guy Bedford Live Css 7.x-2.0
Guy Bedford Live Css 7.x-2.x-dev
Guy Bedford Live Css 7.x-2.6
Guy Bedford Live Css 7.x-2.1
Guy Bedford Live Css 7.x-2.0-beta1
VMScore: 429
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
162 Github repositories