Vulmon
drupal drupal 7.14 vulnerabilities and exploits
802
VMScore
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x prior to 7.32 does not properly construct prepared statements, which allows remote malicious users to conduct SQL injection attacks via an array containing crafted keys.
Drupal Drupal
Debian Debian Linux 7.0
4 EDB exploits
2 Nmap scripts
5 Github repositories
2 Articles
756
VMScore
CVE-2016-3168
The System module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might allow remote malicious users to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerabili...
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
668
VMScore
CVE-2015-6659
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x prior to 7.39 allows remote malicious users to execute arbitrary SQL commands via an SQL comment.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.38
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.30
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.34
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.x-dev
668
VMScore
CVE-2014-1475
The OpenID module in Drupal 6.x prior to 6.30 and 7.x prior to 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.17
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.10
Drupal Drupal 7.12
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
Drupal Drupal 7.24
Drupal Drupal 7.14
Drupal Drupal 7.23
Drupal Drupal 7.1
Drupal Drupal 7.2
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 6.14
Drupal Drupal 6.24
605
VMScore
CVE-2016-3169
The User module in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 allows remote malicious users to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
605
VMScore
CVE-2015-6660
The Form API in Drupal 6.x prior to 6.37 and 7.x prior to 7.39 does not properly validate the form token, which allows remote malicious users to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."...
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
605
VMScore
CVE-2014-9015
Drupal 6.x prior to 6.34 and 7.x prior to 7.34 allows remote malicious users to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
Drupal Drupal
Debian Debian Linux 7.0
605
VMScore
CVE-2014-5267
modules/openid/xrds.inc in Drupal 6.x prior to 6.33 and 7.x prior to 7.31 allows remote malicious users to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 6.4
Drupal Drupal 7.5
Drupal Drupal 6.11
605
VMScore
CVE-2013-6386
Drupal 6.x prior to 6.29 and 7.x prior to 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote malicious users to predict security strings and bypass intended restrictions via a brute force attack.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.x-dev
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
Drupal Drupal 7.14
Drupal Drupal 7.23
605
VMScore
CVE-2012-4553
Drupal 7.x prior to 7.16 allows remote malicious users to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions."
Drupal Drupal 7.0
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.11
Drupal Drupal 7.14
Drupal Drupal 7.1
Drupal Drupal 7.7
Drupal Drupal 7.2