Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2015-5501
The Hostmaster (Aegir) module 6.x-2.x prior to 6.x-2.4 and 7.x-3.x prior to 7.x-3.0-beta2 for Drupal allows remote malicious users to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment.
Aegirproject Hostmaster 6.x-2.1
Aegirproject Hostmaster 6.x-2.2
Aegirproject Hostmaster 6.x-2.3
Aegirproject Hostmaster 6.x-3.0
Aegirproject Hostmaster 6.x-2.0
668
VMScore
CVE-2015-5502
The Storage API module 7.x-1.x prior to 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote malicious users to have unspecified impact via unknown vectors.
Storage Api Project Storage Api 7.x-1.5
Storage Api Project Storage Api 7.x-1.6
Storage Api Project Storage Api 7.x-1.1
Storage Api Project Storage Api 7.x-1.2
Storage Api Project Storage Api 7.x-1.0
Storage Api Project Storage Api 7.x-1.7
Storage Api Project Storage Api 7.x-1.3
Storage Api Project Storage Api 7.x-1.4
668
VMScore
CVE-2015-5504
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Novalnet Novalnet Payment Module Ubercart-
668
VMScore
CVE-2015-3346
SQL injection vulnerability in the WikiWiki module prior to 6.x-1.2 for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Wikiwiki Project Wikiwiki
668
VMScore
CVE-2014-9151
The Services module 7.x-3.x prior to 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote malicious users to obtain access via a brute-force attack on the administrative password.
Services Project Services 7.x-3.9
668
VMScore
CVE-2014-9152
The _user_resource_create function in the Services module 7.x-3.x prior to 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote malicious users to guess the password via a brute force attack.
Services Project Services
668
VMScore
CVE-2014-9024
The Protected Pages module 7.x-2.x prior to 7.x-2.4 for Drupal allows remote malicious users to bypass the password protection via a crafted path.
Protected Pages Project Protected Pages 7.x-1.0
Protected Pages Project Protected Pages 7.x-2.0
Protected Pages Project Protected Pages 7.x-2.2
668
VMScore
CVE-2013-7406
SQL injection vulnerability in the MRBS module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Mrbs Project Mrbs 1.4.8
Mrbs Project Mrbs 1.4.0
668
VMScore
CVE-2014-5249
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
668
VMScore
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to access data via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »