Vulmon
drupal core vulnerabilities and exploits
NA
CVE-2014-9016
The password hashing API in Drupal 7.x prior to 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x prior to 6.x-2.1 for Drupal allows remote malicious users to cause a denial of service (CPU and memory consumption) via a crafted request.
Drupal Drupal
Secure Password Hashes Project Secure Passwords Hashes
Debian Debian Linux 7.0
1 EDB exploit
2 Github repositories
NA
CVE-2014-9015
Drupal 6.x prior to 6.34 and 7.x prior to 7.34 allows remote malicious users to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
Drupal Drupal
Debian Debian Linux 7.0
NA
CVE-2014-8736
The Open Atrium Core module for Drupal prior to 7.x-2.22 allows remote malicious users to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revision of the node.
Open Atrium Project Open Atrium
NA
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x prior to 7.32 does not properly construct prepared statements, which allows remote malicious users to conduct SQL injection attacks via an array containing crafted keys.
Drupal Drupal
Debian Debian Linux 7.0
4 EDB exploits
2 Nmap scripts
5 Github repositories
2 Articles
NA
CVE-2014-5019
The multisite feature in Drupal 6.x prior to 6.32 and 7.x prior to 7.29 allows remote malicious users to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.
Drupal Drupal 7.28
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.24
Drupal Drupal 7.25
Drupal Drupal 7.26
Drupal Drupal 7.27
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.2
Drupal Drupal 7.8
Drupal Drupal 7.9
Drupal Drupal 7.x-dev
Drupal Drupal 7.13
Drupal Drupal 7.15
Drupal Drupal 7.21
Drupal Drupal 7.23
Drupal Drupal 7.3
NA
CVE-2014-5020
The File module in Drupal 7.x prior to 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
Drupal Drupal 7.0
Drupal Drupal 7.12
Drupal Drupal 7.13
Drupal Drupal 7.14
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.3
Drupal Drupal 7.4
Drupal Drupal 7.5
Drupal Drupal 7.6
Drupal Drupal 7.20
Drupal Drupal 7.21
Drupal Drupal 7.22
Drupal Drupal 7.23
Drupal Drupal 7.1
Drupal Drupal 7.11
Drupal Drupal 7.18
Drupal Drupal 7.2
Drupal Drupal 7.24
Drupal Drupal 7.26
Drupal Drupal 7.8
Drupal Drupal 7.x-dev
NA
CVE-2014-5021
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x prior to 6.32 and possibly 7.x prior to 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.
Drupal Drupal 7.0
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.5
Drupal Drupal 7.6
Drupal Drupal 7.7
Drupal Drupal 7.8
Drupal Drupal 7.28
Drupal Drupal 7.1
Drupal Drupal 7.22
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 7.25
Drupal Drupal 7.11
Drupal Drupal 7.13
Drupal Drupal 7.2
Drupal Drupal 7.21
Drupal Drupal 7.26
Drupal Drupal 7.3
Drupal Drupal 7.x-dev
NA
CVE-2014-5022
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x prior to 7.29 allows remote malicious users to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Drupal Drupal 7.0
Drupal Drupal 7.10
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.13
Drupal Drupal 7.26
Drupal Drupal 7.27
Drupal Drupal 7.3
Drupal Drupal 7.4
Drupal Drupal 7.19
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.21
Drupal Drupal 7.9
Drupal Drupal 7.x-dev
Drupal Drupal 7.1
Drupal Drupal 7.14
Drupal Drupal 7.16
Drupal Drupal 7.18
Drupal Drupal 7.22
Drupal Drupal 7.24
Drupal Drupal 7.6
NA
CVE-2014-2983
Drupal 6.x prior to 6.31 and 7.x prior to 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
Drupal Drupal
Debian Debian Linux 6.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
NA
CVE-2013-6385
The form API in Drupal 6.x prior to 6.29 and 7.x prior to 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote malicious users to trigger application-specific impacts such as arbitrary code e...
Drupal Drupal 6.0
Drupal Drupal 6.1
Drupal Drupal 6.10
Drupal Drupal 6.17
Drupal Drupal 6.18
Drupal Drupal 6.19
Drupal Drupal 6.25
Drupal Drupal 6.26
Drupal Drupal 6.7
Drupal Drupal 6.8
Drupal Drupal 6.13
Drupal Drupal 6.14
Drupal Drupal 6.21
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.2
Drupal Drupal 6.20
Drupal Drupal 6.27
Drupal Drupal 6.28
Drupal Drupal 6.9
Drupal Drupal 6.22
Drupal Drupal 6.3