National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,050 matching records.
Displaying matches 921 through 940.
Vuln ID Summary CVSS Severity
CVE-2008-3094

The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-3095

Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 3.5 LOW
CVE-2008-3096

The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 6.5 MEDIUM
CVE-2008-3097

Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Tinytax taxonomy block) 5.x before 5.x-1.10-1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML, probably by creating a crafted taxonomy term.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 3.5 LOW
CVE-2008-2998

Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: July 03, 2008; 02:41:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-2999

Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: July 03, 2008; 02:41:00 PM -04:00
V2: 7.5 HIGH
CVE-2008-3000

The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.

Published: July 03, 2008; 02:41:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2008-3001

The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.

Published: July 03, 2008; 02:41:00 PM -04:00
V2: 9.3 HIGH
CVE-2008-2849

Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.

Published: June 25, 2008; 08:36:00 AM -04:00
V2: 3.5 LOW
CVE-2008-2850

SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.

Published: June 25, 2008; 08:36:00 AM -04:00
V2: 7.5 HIGH
CVE-2008-2771

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.

Published: June 18, 2008; 06:41:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2008-2772

The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."

Published: June 18, 2008; 06:41:00 PM -04:00
V2: 7.5 HIGH
CVE-2008-2773

Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: June 18, 2008; 06:41:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-2629

SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

Published: June 09, 2008; 08:32:00 PM -04:00
V2: 7.5 HIGH
CVE-2008-2271

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.

Published: May 16, 2008; 08:54:00 AM -04:00
V2: 7.5 HIGH
CVE-2008-1976

Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-1977

Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-1978

Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.

Published: April 27, 2008; 04:05:00 PM -04:00
V2: 3.5 LOW
CVE-2008-1980

Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-1981

Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
V2: 6.8 MEDIUM