Filtered by vendor Drupal
Subscribe
Total
851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4148 | 1 Drupal | 1 Mailhandler | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API. | |||||
| CVE-2009-3350 | 2 Drupal, Roshan Shah | 2 Drupal, Subdomain Manager | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | |||||
| CVE-2009-4516 | 2 Drupal, Nanwich | 2 Drupal, Faq Ask | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-6909 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2025-04-09 | 6.5 MEDIUM | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and gain privileges. | |||||
| CVE-2008-4531 | 1 Drupal | 1 Brilliant Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338. | |||||
| CVE-2009-3784 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2025-04-09 | 6.8 MEDIUM | N/A |
| Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2007-0124 | 1 Drupal | 1 Drupal | 2025-04-09 | 3.5 LOW | N/A |
| Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. | |||||
| CVE-2009-4520 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Commentreference | 2025-04-09 | 5.0 MEDIUM | N/A |
| The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. | |||||
| CVE-2008-4710 | 1 Drupal | 2 Drupal, Stock Module | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2629 | 2 Drupal, Lifetype | 2 Drupal, Lifetype | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php. | |||||
| CVE-2009-4066 | 2 Drupal, Paul Beaney | 2 Drupal, Phplist | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists. | |||||
| CVE-2008-3223 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields." | |||||
| CVE-2009-3363 | 2 Drupal, Ufku Bayburt | 2 Drupal, Bueditor | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor." | |||||
| CVE-2008-1978 | 1 Drupal | 2 Drupal, Ubercart Module | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. | |||||
| CVE-2009-3914 | 2 Drupal, Wolfgang Ziegler | 2 Drupal, Temporary Invitation | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation. | |||||
| CVE-2008-6169 | 1 Drupal | 2 Localization Client, Localization Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface." | |||||
| CVE-2007-5597 | 1 Drupal | 1 Drupal | 2025-04-09 | 4.3 MEDIUM | N/A |
| The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions. | |||||
| CVE-2007-4363 | 1 Drupal | 1 Content Construction Kit | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | |||||
| CVE-2008-3744 | 1 Drupal | 1 Drupal | 2025-04-09 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | |||||
| CVE-2007-5593 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-04-09 | 6.8 MEDIUM | N/A |
| install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. | |||||