Filtered by vendor Drupal
Subscriptions
Total
907 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6276 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. | ||||
| CVE-2008-6533 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||||
| CVE-2008-6910 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2025-04-09 | N/A |
| Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. | ||||
| CVE-2009-0818 | 1 Drupal | 2 Drupal, Taxonomy Theme Module | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1034 | 1 Drupal | 1 Tasklist | 2025-04-09 | N/A |
| SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI. | ||||
| CVE-2009-1738 | 2 Drupal, Ivanjaros | 2 Drupal, Feed Block | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items." | ||||
| CVE-2009-2075 | 2 Angrydonuts, Drupal | 2 Nodequeue, Drupal | 2025-04-09 | N/A |
| Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | ||||
| CVE-2009-3652 | 2 Drupal, Moshe Weitzman | 2 Drupal, Organic Groups | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095. | ||||
| CVE-2009-3654 | 2 316solutions, Drupal | 2 Boost, Drupal | 2025-04-09 | N/A |
| Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. | ||||
| CVE-2009-3656 | 2 Drupal, Tim Nelson | 2 Drupal, Shared Sign-on | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. | ||||
| CVE-2009-3785 | 2 Drupal, Sjoerd Arendsen | 2 Drupal, Simplenews Statistics | 2025-04-09 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. | ||||
| CVE-2009-3786 | 2 Drupal, Moshe Weitzman | 2 Drupal, Og Vocab | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. | ||||
| CVE-2008-3221 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of OpenID identities. | ||||
| CVE-2008-3742 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. | ||||
| CVE-2008-4791 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. | ||||
| CVE-2008-4792 | 1 Drupal | 1 Drupal | 2025-04-09 | N/A |
| The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. | ||||
| CVE-2008-5996 | 2 Drupal, Link3 | 2 Drupal, Simplenews | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. | ||||
| CVE-2008-6383 | 1 Drupal | 2 Drupal, Storm | 2025-04-09 | N/A |
| SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-1036 | 1 Drupal | 2 Drupal, Plus1 | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI. | ||||
| CVE-2009-1037 | 1 Drupal | 2 Drupal, Print | 2025-04-09 | N/A |
| Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API. | ||||