National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,053 matching records.
Displaying matches 1021 through 1040.
Vuln ID Summary CVSS Severity
CVE-2006-4821

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 15, 2006; 06:07:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-4717

The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.

Published: September 12, 2006; 12:07:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-4646

Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: September 08, 2006; 05:04:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2006-4355

Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: August 26, 2006; 10:04:00 PM -04:00
    V2: 2.6 LOW
CVE-2006-4356

SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: August 26, 2006; 10:04:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-4360

Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.

Published: August 26, 2006; 10:04:00 PM -04:00
    V2: 3.5 LOW
CVE-2006-4120

Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: August 14, 2006; 07:04:00 PM -04:00
    V2: 5.1 MEDIUM
CVE-2006-4107

SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search.

Published: August 14, 2006; 04:04:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-4108

SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: August 14, 2006; 04:04:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-4109

Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: August 14, 2006; 04:04:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-4002

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.

Published: August 07, 2006; 03:04:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-3570

Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: July 12, 2006; 09:05:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-3473

CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225.

Published: July 10, 2006; 04:05:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-2831

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.

Published: June 05, 2006; 08:02:00 PM -04:00
    V2: 7.5 HIGH
CVE-2006-2832

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.

Published: June 05, 2006; 08:02:00 PM -04:00
    V2: 2.6 LOW
CVE-2006-2833

Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.

Published: June 05, 2006; 08:02:00 PM -04:00
    V2: 2.6 LOW
CVE-2006-2742

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

Published: June 01, 2006; 06:02:00 AM -04:00
    V2: 7.5 HIGH
CVE-2006-2743

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

Published: June 01, 2006; 06:02:00 AM -04:00
    V2: 5.1 MEDIUM
CVE-2006-2260

Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

Published: May 09, 2006; 06:02:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2006-1225

CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.

Published: March 14, 2006; 02:06:00 PM -05:00
    V2: 5.0 MEDIUM