Filtered by vendor Drupal
Subscribe
Total
853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4633 | 1 Drupal | 2 Drupal, Node Clone | 2017-08-08 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." | |||||
| CVE-2008-3743 | 1 Drupal | 1 Drupal | 2017-08-08 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | |||||
| CVE-2008-3744 | 1 Drupal | 1 Drupal | 2017-08-08 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | |||||
| CVE-2008-4790 | 1 Drupal | 1 Drupal | 2017-08-08 | 6.0 MEDIUM | N/A |
| The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. | |||||
| CVE-2008-2772 | 1 Drupal | 1 Magic Tabs Module | 2017-08-08 | 7.5 HIGH | N/A |
| The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks." | |||||
| CVE-2008-2850 | 1 Drupal | 1 Trailscout Module | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API. | |||||
| CVE-2008-2773 | 1 Drupal | 1 Taxonomy Image Module | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3095 | 1 Drupal | 1 Organic Groups Module | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2998 | 1 Drupal | 2 Aggregation Module, Drupal | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3001 | 1 Drupal | 1 Aggregation Module | 2017-08-08 | 9.3 HIGH | N/A |
| The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. | |||||
| CVE-2008-3097 | 1 Drupal | 1 Tinytax Taxonomy Block Module | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Tinytax taxonomy block) 5.x before 5.x-1.10-1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML, probably by creating a crafted taxonomy term. | |||||
| CVE-2008-3096 | 1 Drupal | 1 Outline Designer Module | 2017-08-08 | 6.5 MEDIUM | N/A |
| The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges. | |||||
| CVE-2008-3500 | 1 Drupal | 1 Suggested Terms Module | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms. | |||||
| CVE-2008-2771 | 1 Drupal | 2 Drupal, Node Hierarchy Module | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. | |||||
| CVE-2008-3091 | 1 Drupal | 1 Taxonomy Autotagger Module | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3092 | 1 Drupal | 1 Taxonomy Autotagger Module | 2017-08-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-3000 | 1 Drupal | 1 Aggregation Module | 2017-08-08 | 6.8 MEDIUM | N/A |
| The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2008-2999 | 1 Drupal | 2 Aggregation Module, Drupal | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-2849 | 1 Drupal | 1 Trailscout Module | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1980 | 1 Drupal | 2 Drupal, E-publish | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||