Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-7406
SQL injection vulnerability in the MRBS module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Mrbs Project Mrbs 1.4.8
Mrbs Project Mrbs 1.4.0
7.5
CVSSv2
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x prior to 7.32 does not properly construct prepared statements, which allows remote malicious users to conduct SQL injection attacks via an array containing crafted keys.
Drupal Drupal
Debian Debian Linux 7.0
4 EDB exploits
2 Nmap scripts
5 Github repositories
2 Articles
7.5
CVSSv2
CVE-2014-5249
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
7.5
CVSSv2
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to access data via unspecified vectors.
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.3
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.2
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.1
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.0
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.4
Biblio Autocomplete Project Biblio Autocomplete 7.x-1.x
Biblio Autocomplete Project Biblio Autocomplete 6.x-1.x
7.5
CVSSv2
CVE-2014-1475
The OpenID module in Drupal 6.x prior to 6.30 and 7.x prior to 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.13
Drupal Drupal 7.14
Drupal Drupal 7.21
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 6.0
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.19
7.5
CVSSv2
CVE-2013-2247
The Fast Permissions Administration module 6.x-2.x prior to 6.x-2.5 and 7.x-2.x prior to 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote malicious users to obtain unspecified access to the permissions edit form.
Fast Permissions Administration Project Fast Permission Administration 7.x-2.0
Fast Permissions Administration Project Fast Permission Administration 7.x-2.x
Fast Permissions Administration Project Fast Permission Administration 6.x-2.4
Fast Permissions Administration Project Fast Permission Administration 6.x-2.3
Fast Permissions Administration Project Fast Permission Administration 6.x-2.1
Fast Permissions Administration Project Fast Permission Administration 6.x-2.x
Fast Permissions Administration Project Fast Permission Administration 7.x-2.1
Fast Permissions Administration Project Fast Permission Administration 6.x-2.2
Fast Permissions Administration Project Fast Permission Administration 6.x-2.0
Fast Permissions Administration Project Fast Permission Administration 7.x-2.2
7.5
CVSSv2
CVE-2012-5590
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Scripthead Webmail Plus -
7.5
CVSSv2
CVE-2012-5550
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Carlos Carvalhar Time Spent 6.x-2.x
Carlos Carvalhar Time Spent 7.x-2.x
7.5
CVSSv2
CVE-2012-4470
The Listhandler module 6.x-1.x prior to 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact.
Philip Ludlam Listhandler 6.x-1.0
7.5
CVSSv2
CVE-2012-4479
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
David Alkire Drag \\& Drop Gallery 6.x-1.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »