Search Results
- Results Type: Overview
- Keyword (text search): Drupal
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-5998 | Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. Published: January 28, 2009; 10:30:00 AM -0500 | V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2008-5996 | Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. Published: January 28, 2009; 10:30:00 AM -0500 | V3.x:(not available) V2.0: 3.5 LOW |
CVE-2008-4793 | The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. Published: October 29, 2008; 11:31:35 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-4792 | The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. Published: October 29, 2008; 11:31:35 AM -0400 | V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2008-4791 | The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. Published: October 29, 2008; 11:31:35 AM -0400 | V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2008-4790 | The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. Published: October 29, 2008; 11:31:35 AM -0400 | V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2008-4789 | The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." Published: October 29, 2008; 11:31:35 AM -0400 | V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2008-4710 | Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: October 23, 2008; 1:17:14 PM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-4633 | SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." Published: October 20, 2008; 9:18:02 PM -0400 | V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2008-4598 | Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597. Published: October 17, 2008; 5:29:02 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-4597 | Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. Published: October 17, 2008; 5:29:02 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-4596 | Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages. Published: October 17, 2008; 5:29:02 PM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-4531 | SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338. Published: October 09, 2008; 2:14:15 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-4530 | Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers. Published: October 09, 2008; 2:14:15 PM -0400 | V3.x:(not available) V2.0: 3.5 LOW |
CVE-2008-4338 | SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters. Published: September 30, 2008; 1:22:09 PM -0400 | V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2008-4153 | The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information. Published: September 24, 2008; 1:41:39 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-4152 | Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title. Published: September 24, 2008; 1:41:39 AM -0400 | V3.x:(not available) V2.0: 3.5 LOW |
CVE-2008-4149 | Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link page header" field. Published: September 24, 2008; 1:41:38 AM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-4148 | SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API. Published: September 24, 2008; 1:41:38 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-4147 | Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified Content-Type. Published: September 24, 2008; 1:41:38 AM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |