Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 6 vulnerabilities and exploits
(subscribe to this query)
534
VMScore
CVE-2008-4633
SQL injection vulnerability in Node Vote 5.x prior to 5.x-1.1 and 6.x prior to 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previo...
Drupal Node Clone 4.7.x-1.3
Drupal Node Clone 4.7.x-2.1
Drupal Node Clone 4.7.x-1.0
Drupal Node Clone 5
Drupal Node Clone 4.7.x-1.2
Drupal Node Clone 4.7.x-1.1
Drupal Node Clone 6
312
VMScore
CVE-2008-3095
Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x prior to 5.x-7.3 and 6.x prior to 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.
Drupal Organic Groups Module 5
Drupal Organic Groups Module 6
383
VMScore
CVE-2009-4602
Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x up to and including 5.x-1.0 and 6.x up to and including 6.x-1.0, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Randomizer 5.x-1.0
Drupal Randomizer 6.x-1.0
383
VMScore
CVE-2008-2773
Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x prior to 5.x-1.3 and 6.x prior to 6.x-1.3, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Taxonomy Image Module 5
Drupal Taxonomy Image Module 6
605
VMScore
CVE-2014-5267
modules/openid/xrds.inc in Drupal 6.x prior to 6.33 and 7.x prior to 7.31 allows remote malicious users to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.26
Drupal Drupal 7.25
Drupal Drupal 7.19
Drupal Drupal 7.18
Drupal Drupal 7.10
Drupal Drupal 7.1
Drupal Drupal 7.0
Drupal Drupal 6.31
Drupal Drupal 6.30
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.16
Drupal Drupal 6.0
Drupal Drupal 7.4
Drupal Drupal 7.30
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.17
Drupal Drupal 7.16
312
VMScore
CVE-2009-1844
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x prior to 5.18 and 6.x prior to 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not...
Drupal Drupal 5.1
Drupal Drupal 5.10
Drupal Drupal 5.8
Drupal Drupal 5.9
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 5.13
Drupal Drupal 5.14
Drupal Drupal 5.3
Drupal Drupal 5.2
Drupal Drupal 6.5
Drupal Drupal 6.6
Drupal Drupal 5.0
Drupal Drupal 5.15
Drupal Drupal 5.16
Drupal Drupal 5.7
Drupal Drupal 5.6
Drupal Drupal 6.0
Drupal Drupal 6.7
Drupal Drupal 6.8
516
VMScore
CVE-2015-2749
Open redirect vulnerability in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Drupal Drupal 7.9
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.25
Drupal Drupal 7.27
Drupal Drupal 7.28
Drupal Drupal 7.29
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.16
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.32
Drupal Drupal 6.33
Drupal Drupal 6.34
Drupal Drupal 7.6
Drupal Drupal 7.8
Drupal Drupal 7.13
516
VMScore
CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
Drupal Drupal 7.1
Drupal Drupal 7.2
Drupal Drupal 7.3
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.33
Drupal Drupal 7.34
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 6.23
Drupal Drupal 6.24
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 7.5
Drupal Drupal 7.7
445
VMScore
CVE-2016-3165
The Form API in Drupal 6.x prior to 6.38 ignores access restrictions on submit buttons, which might allow remote malicious users to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-...
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.27
Drupal Drupal 6.26
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.11
Drupal Drupal 6.4
Drupal Drupal 6.7
Drupal Drupal 6.5
Drupal Drupal 6.33
Drupal Drupal 6.31
Drupal Drupal 6.3
Drupal Drupal 6.25
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.15
Drupal Drupal 6.10
Drupal Drupal 6.0
312
VMScore
CVE-2009-4369
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x prior to 5.21 and 6.x prior to 6.15 allows remote authenticated users with "administer site-wide contact form" permiss...
Drupal Drupal 6.10
Drupal Drupal 6.9
Drupal Drupal 6.0
Drupal Drupal 6.13
Drupal Drupal 5.1
Drupal Drupal 5.2
Drupal Drupal 5.10
Drupal Drupal 5.18
Drupal Drupal 5.11
Drupal Drupal 5.19
Drupal Drupal 5.20
Drupal Drupal 6.11
Drupal Drupal 6.7
Drupal Drupal 6.12
Drupal Drupal 6.4
Drupal Drupal 6.14
Drupal Drupal 5.x
Drupal Drupal 6.6
Drupal Drupal 6.2
Drupal Drupal 6.1
Drupal Drupal 6.5
Drupal Drupal 5.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »