Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2015-8082
The Login Disable module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote malicious users to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demo...
Login Disable Project Login Disable 6.x-1.0
Login Disable Project Login Disable 7.x-1.0
Login Disable Project Login Disable 7.x-1.1
7.5
CVSSv2
CVE-2015-7876
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x prior to 7.x-1.4 does not properly escape certain characters, which allows remote malicious users to execute arbitrary SQL commands via vectors involving a module using the ...
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.0
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.1
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.2
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.3
7.5
CVSSv2
CVE-2015-6659
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x prior to 7.39 allows remote malicious users to execute arbitrary SQL commands via an SQL comment.
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.24
Drupal Drupal 7.25
Drupal Drupal 7.34
Drupal Drupal 7.35
Drupal Drupal 7.7
Drupal Drupal 7.8
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.22
Drupal Drupal 7.23
Drupal Drupal 7.3
Drupal Drupal 7.30
Drupal Drupal 7.33
Drupal Drupal 7.5
Drupal Drupal 7.6
Drupal Drupal 7.11
Drupal Drupal 7.12
7.5
CVSSv2
CVE-2015-5502
The Storage API module 7.x-1.x prior to 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote malicious users to have unspecified impact via unknown vectors.
Storage Api Project Storage Api 7.x-1.5
Storage Api Project Storage Api 7.x-1.6
Storage Api Project Storage Api 7.x-1.1
Storage Api Project Storage Api 7.x-1.2
Storage Api Project Storage Api 7.x-1.0
Storage Api Project Storage Api 7.x-1.7
Storage Api Project Storage Api 7.x-1.3
Storage Api Project Storage Api 7.x-1.4
7.5
CVSSv2
CVE-2015-5504
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Novalnet Novalnet Payment Module Ubercart-
7.5
CVSSv2
CVE-2015-5501
The Hostmaster (Aegir) module 6.x-2.x prior to 6.x-2.4 and 7.x-3.x prior to 7.x-3.0-beta2 for Drupal allows remote malicious users to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment.
Aegirproject Hostmaster 6.x-2.1
Aegirproject Hostmaster 6.x-2.2
Aegirproject Hostmaster 6.x-2.3
Aegirproject Hostmaster 6.x-3.0
Aegirproject Hostmaster 6.x-2.0
7.5
CVSSv2
CVE-2015-3346
SQL injection vulnerability in the WikiWiki module prior to 6.x-1.2 for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Wikiwiki Project Wikiwiki
7.5
CVSSv2
CVE-2014-9151
The Services module 7.x-3.x prior to 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote malicious users to obtain access via a brute-force attack on the administrative password.
Services Project Services 7.x-3.9
7.5
CVSSv2
CVE-2014-9152
The _user_resource_create function in the Services module 7.x-3.x prior to 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote malicious users to guess the password via a brute force attack.
Services Project Services
7.5
CVSSv2
CVE-2014-9024
The Protected Pages module 7.x-2.x prior to 7.x-2.4 for Drupal allows remote malicious users to bypass the password protection via a crafted path.
Protected Pages Project Protected Pages 7.x-1.0
Protected Pages Project Protected Pages 7.x-2.0
Protected Pages Project Protected Pages 7.x-2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »