Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 6.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-3744
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x prior to 5.10 and 6.x prior to 6.4 allow remote malicious users to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.
Drupal Drupal 5.4
Drupal Drupal 6.2
Drupal Drupal 5.2
Drupal Drupal 5.7
Drupal Drupal 5.0
Drupal Drupal 6.1
Drupal Drupal 5.6
Drupal Drupal 5.1
Drupal Drupal 5.5
Drupal Drupal 6.0
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.3
Drupal Drupal 6.3
NA
CVE-2008-3742
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x prior to 5.10 and 6.x prior to 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
Drupal Drupal 5.4
Drupal Drupal 6.2
Drupal Drupal 5.2
Drupal Drupal 5.7
Drupal Drupal 5.0
Drupal Drupal 6.1
Drupal Drupal 5.6
Drupal Drupal 5.1
Drupal Drupal 5.5
Drupal Drupal 6.0
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.3
Drupal Drupal 6.3
NA
CVE-2008-3741
The private filesystem in Drupal 5.x prior to 5.10 and 6.x prior to 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.
Drupal Drupal 5.4
Drupal Drupal 6.2
Drupal Drupal 5.2
Drupal Drupal 5.7
Drupal Drupal 5.0
Drupal Drupal 6.1
Drupal Drupal 5.6
Drupal Drupal 5.1
Drupal Drupal 5.5
Drupal Drupal 6.0
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.3
Drupal Drupal 6.3
8.1
CVSSv3
CVE-2016-3169
The User module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 allows remote malicious users to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
6.4
CVSSv3
CVE-2016-3168
The System module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might allow remote malicious users to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerabili...
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
7.5
CVSSv3
CVE-2016-3163
The XML-RPC system in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might make it easier for remote malicious users to conduct brute-force attacks via a large number of calls made at once to the same method.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
7.4
CVSSv3
CVE-2016-3164
Drupal 6.x prior to 6.38, 7.x prior to 7.43, and 8.x prior to 8.0.4 might allow remote malicious users to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
Drupal Drupal 8.0.0
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
NA
CVE-2007-6752
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and previous versions allows remote malicious users to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by...
Drupal Drupal 4.6.0
Drupal Drupal 4.6
Drupal Drupal 7.0
Drupal Drupal 5.10
Drupal Drupal 5.4
Drupal Drupal 4.6.5
Drupal Drupal 4.5.4
Drupal Drupal 6.0
Drupal Drupal 4.7.2
Drupal Drupal 4.6.10
Drupal Drupal 6.2
Drupal Drupal 5.17
Drupal Drupal 4.6.9
Drupal Drupal 5.13
Drupal Drupal 6.14
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 4.5.0
Drupal Drupal 5.12
Drupal Drupal 6.18
Drupal Drupal 5.2
Drupal Drupal 7.3
1 EDB exploit
NA
CVE-2008-3745
The Upload module in Drupal 6.x prior to 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
Drupal Drupal 6.2
Drupal Drupal 6.1
Drupal Upload Module
Drupal Drupal 6.0
Drupal Drupal 6.3
NA
CVE-2008-3743
Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x prior to 6.4 allow remote malicious users to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements.
Drupal Drupal 6.2
Drupal Drupal 6.1
Drupal Drupal 6.0
Drupal Drupal 6.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege
CVE-2022-48762
CVE-2022-48751
CVE-2024-37079
CVE-2024-30848
LFI
man-in-the-middle
CVE-2022-48736
CVE-2024-30103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »