Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-9151
The Services module 7.x-3.x prior to 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote malicious users to obtain access via a brute-force attack on the administrative password.
Services Project Services 7.x-3.9
7.5
CVSSv2
CVE-2014-9024
The Protected Pages module 7.x-2.x prior to 7.x-2.4 for Drupal allows remote malicious users to bypass the password protection via a crafted path.
Protected Pages Project Protected Pages 7.x-1.0
Protected Pages Project Protected Pages 7.x-2.0
Protected Pages Project Protected Pages 7.x-2.2
7.5
CVSSv2
CVE-2013-7406
SQL injection vulnerability in the MRBS module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Mrbs Project Mrbs 1.4.8
Mrbs Project Mrbs 1.4.0
7.5
CVSSv2
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x prior to 7.32 does not properly construct prepared statements, which allows remote malicious users to conduct SQL injection attacks via an array containing crafted keys.
Drupal Drupal
Debian Debian Linux 7.0
4 EDB exploits
2 Nmap scripts
5 Github repositories
2 Articles
7.5
CVSSv2
CVE-2014-5249
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
7.5
CVSSv2
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to access data via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
7.5
CVSSv2
CVE-2014-1475
The OpenID module in Drupal 6.x prior to 6.30 and 7.x prior to 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.13
Drupal Drupal 7.14
Drupal Drupal 7.21
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 6.0
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.19
7.5
CVSSv2
CVE-2013-2247
The Fast Permissions Administration module 6.x-2.x prior to 6.x-2.5 and 7.x-2.x prior to 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote malicious users to obtain unspecified access to the permissions edit form.
Fast Permissions Administration Project Fast Permission Administration 7.x-2.0
Fast Permissions Administration Project Fast Permission Administration 7.x-2.x
Fast Permissions Administration Project Fast Permission Administration 6.x-2.4
Fast Permissions Administration Project Fast Permission Administration 6.x-2.3
Fast Permissions Administration Project Fast Permission Administration 6.x-2.1
Fast Permissions Administration Project Fast Permission Administration 6.x-2.x
Fast Permissions Administration Project Fast Permission Administration 7.x-2.1
Fast Permissions Administration Project Fast Permission Administration 6.x-2.2
Fast Permissions Administration Project Fast Permission Administration 6.x-2.0
Fast Permissions Administration Project Fast Permission Administration 7.x-2.2
7.5
CVSSv2
CVE-2012-5590
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Scripthead Webmail Plus -
7.5
CVSSv2
CVE-2012-5550
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Carlos Carvalhar Time Spent 6.x-2.x
Carlos Carvalhar Time Spent 7.x-2.x
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »