Search Results (Refine Search)
- Keyword (text search): drupal
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-3689 |
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. Published: July 11, 2007; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-3690 |
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. Published: July 11, 2007; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-2159 |
Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface. Published: April 22, 2007; 3:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-2160 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476. Published: April 22, 2007; 3:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-1368 |
The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier. Published: March 09, 2007; 5:19:00 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2007-1360 |
Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters. Published: March 08, 2007; 5:19:00 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2006-7109 |
Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. Published: March 05, 2007; 3:19:00 PM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2006-7110 |
Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. Published: March 05, 2007; 3:19:00 PM -0500 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2007-1028 |
Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element. Published: February 21, 2007; 6:28:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-1033 |
Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL. Published: February 21, 2007; 6:28:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-1035 |
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors. Published: February 21, 2007; 6:28:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-0841 |
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers. Published: February 07, 2007; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-0658 |
The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. Published: February 01, 2007; 5:28:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-0626 |
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines." Published: January 31, 2007; 1:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2007-0534 |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking." Published: January 25, 2007; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-0505 |
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. Published: January 25, 2007; 7:28:00 PM -0500 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2007-0506 |
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests. Published: January 25, 2007; 7:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2007-0507 |
SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. Published: January 25, 2007; 7:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2007-0136 |
Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information. Published: January 09, 2007; 6:28:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-0124 |
Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. Published: January 08, 2007; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |