Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Drupal
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-0818 |
Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information. Published: March 04, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2009-0817 |
Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module. Published: March 04, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2008-6384 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Comment Mail 5.x before 5.x-1.1, a module for Drupal, allow remote attackers to hijack the authentication of administrators. Published: March 02, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-6383 |
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. Published: March 02, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2008-6276 |
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. Published: February 25, 2009; 6:30:00 PM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2008-6275 |
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. Published: February 25, 2009; 6:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-6229 |
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names. Published: February 20, 2009; 6:30:00 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2008-6171 |
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. Published: February 19, 2009; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-6170 |
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title. Published: February 19, 2009; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2008-6169 |
Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface." Published: February 19, 2009; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-6160 |
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors. Published: February 18, 2009; 11:30:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-0603 |
Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information. Published: February 16, 2009; 3:30:03 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2008-6137 |
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. Published: February 13, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-6136 |
Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. Published: February 13, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-6135 |
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: February 13, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-6134 |
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Published: February 13, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-0575 |
Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information. Published: February 13, 2009; 12:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-6020 |
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." Published: February 02, 2009; 5:00:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-0382 |
Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. Published: February 02, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-5999 |
Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter. Published: January 28, 2009; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |