Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 6 vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2008-4633
SQL injection vulnerability in Node Vote 5.x prior to 5.x-1.1 and 6.x prior to 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previo...
Drupal Node Clone 4.7.x-1.3
Drupal Node Clone 4.7.x-2.1
Drupal Node Clone 4.7.x-1.0
Drupal Node Clone 5
Drupal Node Clone 4.7.x-1.2
Drupal Node Clone 4.7.x-1.1
Drupal Node Clone 6
4.3
CVSSv2
CVE-2008-2773
Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x prior to 5.x-1.3 and 6.x prior to 6.x-1.3, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Taxonomy Image Module 5
Drupal Taxonomy Image Module 6
4.3
CVSSv2
CVE-2009-4602
Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x up to and including 5.x-1.0 and 6.x up to and including 6.x-1.0, a module for Drupal, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Drupal Randomizer 5.x-1.0
Drupal Randomizer 6.x-1.0
3.5
CVSSv2
CVE-2008-3095
Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x prior to 5.x-7.3 and 6.x prior to 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.
Drupal Organic Groups Module 5
Drupal Organic Groups Module 6
6.8
CVSSv2
CVE-2014-5267
modules/openid/xrds.inc in Drupal 6.x prior to 6.33 and 7.x prior to 7.31 allows remote malicious users to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.26
Drupal Drupal 7.25
Drupal Drupal 7.19
Drupal Drupal 7.18
Drupal Drupal 7.10
Drupal Drupal 7.1
Drupal Drupal 7.0
Drupal Drupal 6.31
Drupal Drupal 6.30
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.16
Drupal Drupal 6.0
Drupal Drupal 7.4
Drupal Drupal 7.30
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.17
Drupal Drupal 7.16
3.5
CVSSv2
CVE-2009-1844
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x prior to 5.18 and 6.x prior to 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not...
Drupal Drupal 5.1
Drupal Drupal 5.10
Drupal Drupal 5.8
Drupal Drupal 5.9
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 5.13
Drupal Drupal 5.14
Drupal Drupal 5.3
Drupal Drupal 5.2
Drupal Drupal 6.5
Drupal Drupal 6.6
Drupal Drupal 5.0
Drupal Drupal 5.15
Drupal Drupal 5.16
Drupal Drupal 5.7
Drupal Drupal 5.6
Drupal Drupal 6.0
Drupal Drupal 6.7
Drupal Drupal 6.8
5.8
CVSSv2
CVE-2015-2749
Open redirect vulnerability in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Drupal Drupal 7.9
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.25
Drupal Drupal 7.27
Drupal Drupal 7.28
Drupal Drupal 7.29
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.2
Drupal Drupal 6.16
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.32
Drupal Drupal 6.33
Drupal Drupal 6.34
Drupal Drupal 7.6
Drupal Drupal 7.8
Drupal Drupal 7.13
5.8
CVSSv2
CVE-2015-2750
Open redirect vulnerability in URL-related API functions in Drupal 6.x prior to 6.35 and 7.x prior to 7.35 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
Drupal Drupal 7.1
Drupal Drupal 7.2
Drupal Drupal 7.3
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.33
Drupal Drupal 7.34
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.6
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.9
Drupal Drupal 6.10
Drupal Drupal 6.23
Drupal Drupal 6.24
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 7.5
Drupal Drupal 7.7
5
CVSSv2
CVE-2016-3165
The Form API in Drupal 6.x prior to 6.38 ignores access restrictions on submit buttons, which might allow remote malicious users to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-...
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.27
Drupal Drupal 6.26
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.11
Drupal Drupal 6.4
Drupal Drupal 6.7
Drupal Drupal 6.5
Drupal Drupal 6.33
Drupal Drupal 6.31
Drupal Drupal 6.3
Drupal Drupal 6.25
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.15
Drupal Drupal 6.10
Drupal Drupal 6.0
3.5
CVSSv2
CVE-2009-4369
Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x prior to 5.21 and 6.x prior to 6.15 allows remote authenticated users with "administer site-wide contact form" permiss...
Drupal Drupal 6.10
Drupal Drupal 6.9
Drupal Drupal 6.0
Drupal Drupal 6.13
Drupal Drupal 5.1
Drupal Drupal 5.2
Drupal Drupal 5.10
Drupal Drupal 5.18
Drupal Drupal 5.11
Drupal Drupal 5.19
Drupal Drupal 5.20
Drupal Drupal 6.11
Drupal Drupal 6.7
Drupal Drupal 6.12
Drupal Drupal 6.4
Drupal Drupal 6.14
Drupal Drupal 5.x
Drupal Drupal 6.6
Drupal Drupal 6.2
Drupal Drupal 6.1
Drupal Drupal 6.5
Drupal Drupal 5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »