National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,053 matching records.
Displaying matches 921 through 940.
Vuln ID Summary CVSS Severity
CVE-2008-3223

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

Published: July 18, 2008; 12:41:00 PM -04:00
V2: 7.5 HIGH
CVE-2008-3091

Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 3.5 LOW
CVE-2008-3092

SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 6.5 MEDIUM
CVE-2008-3094

The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-3095

Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 3.5 LOW
CVE-2008-3096

The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 6.5 MEDIUM
CVE-2008-3097

Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Tinytax taxonomy block) 5.x before 5.x-1.10-1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML, probably by creating a crafted taxonomy term.

Published: July 09, 2008; 03:33:00 PM -04:00
V2: 3.5 LOW
CVE-2008-2998

Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: July 03, 2008; 02:41:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-2999

Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published: July 03, 2008; 02:41:00 PM -04:00
V2: 7.5 HIGH
CVE-2008-3000

The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.

Published: July 03, 2008; 02:41:00 PM -04:00
V2: 6.8 MEDIUM
CVE-2008-3001

The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.

Published: July 03, 2008; 02:41:00 PM -04:00
V2: 9.3 HIGH
CVE-2008-2849

Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.

Published: June 25, 2008; 08:36:00 AM -04:00
V2: 3.5 LOW
CVE-2008-2850

SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.

Published: June 25, 2008; 08:36:00 AM -04:00
V2: 7.5 HIGH
CVE-2008-2771

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.

Published: June 18, 2008; 06:41:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2008-2772

The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."

Published: June 18, 2008; 06:41:00 PM -04:00
V2: 7.5 HIGH
CVE-2008-2773

Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: June 18, 2008; 06:41:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-2629

SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

Published: June 09, 2008; 08:32:00 PM -04:00
V2: 7.5 HIGH
CVE-2008-2271

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.

Published: May 16, 2008; 08:54:00 AM -04:00
V2: 7.5 HIGH
CVE-2008-1976

Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-1977

Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
V2: 4.3 MEDIUM