Vulmon
drupal drupal 7.0 vulnerabilities and exploits
5
CVSSv2
CVE-2014-9016
The password hashing API in Drupal 7.x prior to 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x prior to 6.x-2.1 for Drupal allows remote malicious users to cause a denial of service (CPU and memory consumption) via a crafted request.
Drupal Drupal
Secure Password Hashes Project Secure Passwords Hashes
Debian Debian Linux 7.0
1 EDB exploit
2 Github repositories
7.5
CVSSv2
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x prior to 7.32 does not properly construct prepared statements, which allows remote malicious users to conduct SQL injection attacks via an array containing crafted keys.
Drupal Drupal
Debian Debian Linux 7.0
4 EDB exploits
2 Nmap scripts
5 Github repositories
2 Articles
6.8
CVSSv2
CVE-2014-5267
modules/openid/xrds.inc in Drupal 6.x prior to 6.33 and 7.x prior to 7.31 allows remote malicious users to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.26
Drupal Drupal 7.25
Drupal Drupal 7.19
Drupal Drupal 7.18
Drupal Drupal 7.10
Drupal Drupal 7.1
Drupal Drupal 7.0
Drupal Drupal 6.31
Drupal Drupal 6.30
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.16
Drupal Drupal 6.0
Drupal Drupal 7.4
Drupal Drupal 7.30
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.17
Drupal Drupal 7.16
5
CVSSv2
CVE-2014-5266
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, does not limit the number of elements in an XML document, which allows remote malicious users to cause a denial of service (CPU consumption) via a large docu...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.0.3
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
Wordpress Wordpress 3.8.1
Wordpress Wordpress
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
5
CVSSv2
CVE-2014-5265
The Incutio XML-RPC (IXR) Library, as used in WordPress prior to 3.9.2 and Drupal 6.x prior to 6.33 and 7.x prior to 7.31, permits entity declarations without considering recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory a...
Wordpress Wordpress 3.0
Wordpress Wordpress 3.0.1
Wordpress Wordpress 3.0.2
Wordpress Wordpress 3.3.1
Wordpress Wordpress 3.3.2
Wordpress Wordpress 3.3.3
Wordpress Wordpress 3.4.0
Wordpress Wordpress 3.1
Wordpress Wordpress 3.1.1
Wordpress Wordpress 3.1.2
Wordpress Wordpress 3.1.3
Wordpress Wordpress 3.1.4
Wordpress Wordpress 3.6
Wordpress Wordpress 3.6.1
Wordpress Wordpress 3.7
Wordpress Wordpress 3.7.1
Wordpress Wordpress 3.0.4
Wordpress Wordpress 3.0.6
Wordpress Wordpress 3.2
Wordpress Wordpress 3.3
Wordpress Wordpress 3.4.1
Wordpress Wordpress 3.5.0
4.9
CVSSv2
CVE-2014-5020
The File module in Drupal 7.x prior to 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
Drupal Drupal 7.0
Drupal Drupal 7.12
Drupal Drupal 7.13
Drupal Drupal 7.14
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.3
Drupal Drupal 7.4
Drupal Drupal 7.5
Drupal Drupal 7.6
Drupal Drupal 7.20
Drupal Drupal 7.21
Drupal Drupal 7.22
Drupal Drupal 7.23
Drupal Drupal 7.1
Drupal Drupal 7.11
Drupal Drupal 7.18
Drupal Drupal 7.2
Drupal Drupal 7.24
Drupal Drupal 7.26
Drupal Drupal 7.8
Drupal Drupal 7.x-dev
2.1
CVSSv2
CVE-2014-5021
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x prior to 6.32 and possibly 7.x prior to 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.
Drupal Drupal 7.0
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.5
Drupal Drupal 7.6
Drupal Drupal 7.7
Drupal Drupal 7.8
Drupal Drupal 7.28
Drupal Drupal 7.1
Drupal Drupal 7.22
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 7.25
Drupal Drupal 7.11
Drupal Drupal 7.13
Drupal Drupal 7.2
Drupal Drupal 7.21
Drupal Drupal 7.26
Drupal Drupal 7.3
Drupal Drupal 7.x-dev
5
CVSSv2
CVE-2014-5019
The multisite feature in Drupal 6.x prior to 6.32 and 7.x prior to 7.29 allows remote malicious users to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
Drupal Drupal 7.28
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.24
Drupal Drupal 7.25
Drupal Drupal 7.26
Drupal Drupal 7.27
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.2
Drupal Drupal 7.8
Drupal Drupal 7.9
Drupal Drupal 7.x-dev
Drupal Drupal 7.13
Drupal Drupal 7.15
Drupal Drupal 7.21
Drupal Drupal 7.23
Drupal Drupal 7.3
4.3
CVSSv2
CVE-2014-5022
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x prior to 7.29 allows remote malicious users to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Drupal Drupal 7.0
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.13
Drupal Drupal 7.26
Drupal Drupal 7.27
Drupal Drupal 7.3
Drupal Drupal 7.4
Drupal Drupal 7.19
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.21
Drupal Drupal 7.9
Drupal Drupal 7.x-dev
Drupal Drupal 7.1
Drupal Drupal 7.14
Drupal Drupal 7.16
Drupal Drupal 7.18
Drupal Drupal 7.22
Drupal Drupal 7.24
Drupal Drupal 7.6
5
CVSSv2
CVE-2014-2983
Drupal 6.x prior to 6.31 and 7.x prior to 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
Drupal Drupal
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0