Drupal

by Drupal

CVEs (203)

  • CVE-2009-3479 | Sep 30, 2009
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.

  • CVE-2009-3352 | Sep 24, 2009
    risk 0.00 | cvss | epss 0.02

    Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.

  • CVE-2009-3156 | Sep 10, 2009
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type…

  • CVE-2008-6908 | Aug 6, 2009
    risk 0.00 | cvss | epss 0.01

    Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.

  • CVE-2009-2374 | Jul 8, 2009
    risk 0.00 | cvss | epss 0.01

    Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from…

  • CVE-2009-2373 | Jul 8, 2009
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2372 | Jul 8, 2009
    risk 0.00 | cvss | epss 0.02

    Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via…

  • CVE-2009-1844 | Jun 1, 2009
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not…

  • CVE-2009-1576 | May 6, 2009
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows user-assisted remote attackers to obtain sensitive information by tricking victims into visiting the front page of the site with a crafted URL and causing form data…

  • CVE-2009-1575 | May 6, 2009
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and 6.x before 6.11, as used in vbDrupal before 5.17.0, allows remote attackers to inject arbitrary web script or HTML via crafted UTF-8 byte sequences before the Content-Type meta tag, which are treated as UTF-7…

  • CVE-2008-6533 | Mar 26, 2009
    risk 0.00 | cvss | epss 0.02

    Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

  • CVE-2008-6532 | Mar 26, 2009
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old…

  • CVE-2009-1047 | Mar 23, 2009
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound…

  • CVE-2008-6171 | Feb 19, 2009
    risk 0.00 | cvss | epss 0.04

    includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.

  • CVE-2008-6170 | Feb 19, 2009
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

  • CVE-2008-4793 | Oct 29, 2008
    risk 0.00 | cvss | epss 0.02

    The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.

  • CVE-2008-4792 | Oct 29, 2008
    risk 0.00 | cvss | epss 0.01

    The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

  • CVE-2008-4791 | Oct 29, 2008
    risk 0.00 | cvss | epss 0.02

    The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully log in via unknown vectors.

  • CVE-2008-4790 | Oct 29, 2008
    risk 0.00 | cvss | epss 0.01

    The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

  • CVE-2008-4789 | Oct 29, 2008
    risk 0.00 | cvss | epss 0.01

    The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."
