National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Drupal
  • Search Type: Search All
There are 1,061 matching records.
Displaying matches 941 through 960.
Vuln ID Summary CVSS Severity
CVE-2008-2850

SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.

Published: June 25, 2008; 08:36:00 AM -04:00
    V2: 7.5 HIGH
CVE-2008-2771

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.

Published: June 18, 2008; 06:41:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2008-2772

The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."

Published: June 18, 2008; 06:41:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2773

Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: June 18, 2008; 06:41:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-2629

SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

Published: June 09, 2008; 08:32:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-2271

The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database.

Published: May 16, 2008; 08:54:00 AM -04:00
    V2: 7.5 HIGH
CVE-2008-1976

Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1977

Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1978

Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.

Published: April 27, 2008; 04:05:00 PM -04:00
    V2: 3.5 LOW
CVE-2008-1980

Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1981

Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.

Published: April 27, 2008; 04:05:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1916

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.

Published: April 23, 2008; 09:05:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1792

Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 15, 2008; 01:05:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1794

Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 15, 2008; 01:05:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1729

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.

Published: April 11, 2008; 03:05:00 PM -04:00
    V2: 5.8 MEDIUM
CVE-2008-1731

The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.

Published: April 11, 2008; 03:05:00 PM -04:00
    V2: 7.5 HIGH
CVE-2008-1428

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product.

Published: March 20, 2008; 02:44:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-1133

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

Published: March 04, 2008; 01:44:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2008-1131

Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.

Published: March 03, 2008; 07:44:00 PM -05:00
    V2: 3.5 LOW
CVE-2008-0823

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.

Published: February 19, 2008; 03:44:00 PM -05:00
    V2: 10.0 HIGH