National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,053 matching records.
Displaying matches 881 through 900.
Vuln ID Summary CVSS Severity
CVE-2008-6136

Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors.

Published: February 13, 2009; 09:30:00 PM -05:00
    V2: 7.5 HIGH
CVE-2008-6135

Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 13, 2009; 09:30:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2008-6134

SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: February 13, 2009; 09:30:00 PM -05:00
    V2: 7.5 HIGH
CVE-2009-0575

Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information.

Published: February 13, 2009; 12:30:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2008-6020

SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."

Published: February 02, 2009; 05:00:00 PM -05:00
    V2: 7.5 HIGH
CVE-2009-0382

Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors.

Published: February 02, 2009; 02:30:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2008-5999

Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.

Published: January 28, 2009; 10:30:00 AM -05:00
    V2: 3.5 LOW
CVE-2008-5998

Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.

Published: January 28, 2009; 10:30:00 AM -05:00
    V2: 6.0 MEDIUM
CVE-2008-5996

Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.

Published: January 28, 2009; 10:30:00 AM -05:00
    V2: 3.5 LOW
CVE-2008-4793

The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.

Published: October 29, 2008; 11:31:35 AM -04:00
    V2: 7.5 HIGH
CVE-2008-4792

The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.

Published: October 29, 2008; 11:31:35 AM -04:00
    V2: 6.0 MEDIUM
CVE-2008-4791

The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully log in via unknown vectors.

Published: October 29, 2008; 11:31:35 AM -04:00
    V2: 6.0 MEDIUM
CVE-2008-4790

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.

Published: October 29, 2008; 11:31:35 AM -04:00
    V2: 6.0 MEDIUM
CVE-2008-4789

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."

Published: October 29, 2008; 11:31:35 AM -04:00
    V2: 6.0 MEDIUM
CVE-2008-4710

Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: October 23, 2008; 01:17:14 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-4633

SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."

Published: October 20, 2008; 09:18:02 PM -04:00
    V2: 6.0 MEDIUM
CVE-2008-4598

Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597.

Published: October 17, 2008; 05:29:02 PM -04:00
    V2: 7.5 HIGH
CVE-2008-4597

Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors.

Published: October 17, 2008; 05:29:02 PM -04:00
    V2: 7.5 HIGH
CVE-2008-4596

Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages.

Published: October 17, 2008; 05:29:02 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-4531

SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338.

Published: October 09, 2008; 02:14:15 PM -04:00
    V2: 7.5 HIGH