Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 7.12 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-4554
The OpenID module in Drupal 7.x prior to 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
Drupal Drupal 7.0
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.11
Drupal Drupal 7.14
Drupal Drupal 7.1
Drupal Drupal 7.7
Drupal Drupal 7.2
5
CVSSv2
CVE-2012-1591
The image module in Drupal 7.x prior to 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote malicious users to read private image styles.
Drupal Drupal 7.0
Drupal Drupal 7.3
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.x-dev
Drupal Drupal 7.11
Drupal Drupal 7.1
Drupal Drupal 7.7
Drupal Drupal 7.2
5
CVSSv2
CVE-2012-2922
The request_path function in includes/bootstrap.inc in Drupal 7.14 and previous versions allows remote malicious users to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message.
Drupal Drupal 7.0
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 5.17
Drupal Drupal 5.13
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 5.12
Drupal Drupal 6.18
Drupal Drupal 5.2
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 5.7
Drupal Drupal 7.8
Drupal Drupal 6.4
Drupal Drupal 7.5
Drupal Drupal 5.23
Drupal Drupal 5.0
Drupal Drupal 6.11
Drupal Drupal 7.10
4.9
CVSSv2
CVE-2016-9451
Confirmation forms in Drupal 7.x prior to 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.38
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 7.10
Drupal Drupal 7.30
Drupal Drupal 7.27
Drupal Drupal 7.12
Drupal Drupal 7.34
Drupal Drupal 7.4
Drupal Drupal 7.51
Drupal Drupal 7.28
Drupal Drupal 7.22
4.9
CVSSv2
CVE-2014-5020
The File module in Drupal 7.x prior to 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.x-dev
Drupal Drupal 7.28
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
4.3
CVSSv2
CVE-2015-6658
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x prior to 6.37 and 7.x prior to 7.39 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, related to uploading files.
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
4.3
CVSSv2
CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x prior to 7.39 and the Ctools module 6.x-1.x prior to 6.x-1.14 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly rela...
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.38
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.30
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.34
4.3
CVSSv2
CVE-2015-3234
The OpenID module in Drupal 6.x prior to 6.36 and 7.x prior to 7.38 allows remote malicious users to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 6.4
1 Article
4.3
CVSSv2
CVE-2014-5022
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x prior to 7.29 allows remote malicious users to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.x-dev
Drupal Drupal 7.28
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
4.3
CVSSv2
CVE-2013-6388
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x prior to 7.24 allows remote malicious users to inject arbitrary web script or HTML via vectors related to CSS.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.x-dev
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
Drupal Drupal 7.14
Drupal Drupal 7.23
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »