Количество 1 966
Количество 1 966
CVE-2008-5996
Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.
CVE-2008-4710
Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-4633
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."
CVE-2008-3745
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
CVE-2008-3745
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
CVE-2008-3745
The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...
CVE-2008-2999
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2008-2998
Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-2771
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
CVE-2008-2629
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
CVE-2008-1980
Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-1978
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
CVE-2008-1792
Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-1731
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking.
CVE-2008-0462
Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-0658
The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.
CVE-2006-4120
Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
BDU:2022-06302
Уязвимость CMS-системы Drupal, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю выполнить произвольный код
BDU:2022-01067
Уязвимость модуля Quick Edit системы управления содержимым Drupal, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2021-04622
Уязвимость ядра CMS-системы Drupal, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2008-5996 Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. | CVSS2: 3.5 | 0% Низкий | больше 16 лет назад |
| CVE-2008-4710 Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | больше 16 лет назад |
| CVE-2008-4633 SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." | CVSS2: 6 | 0% Низкий | больше 16 лет назад |
 | CVE-2008-3745 The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. | CVSS2: 5.5 | 1% Низкий | почти 17 лет назад |
| CVE-2008-3745 The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. | CVSS2: 5.5 | 1% Низкий | почти 17 лет назад |
| CVE-2008-3745 The Upload module in Drupal 6.x before 6.4 allows remote authenticated ... | CVSS2: 5.5 | 1% Низкий | почти 17 лет назад |
| CVE-2008-2999 Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | CVSS2: 7.5 | 0% Низкий | почти 17 лет назад |
| CVE-2008-2998 Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | почти 17 лет назад |
| CVE-2008-2771 The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. | CVSS2: 5 | 0% Низкий | около 17 лет назад |
| CVE-2008-2629 SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php. | CVSS2: 7.5 | 0% Низкий | около 17 лет назад |
| CVE-2008-1980 Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | около 17 лет назад |
| CVE-2008-1978 Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. | CVSS2: 3.5 | 0% Низкий | около 17 лет назад |
| CVE-2008-1792 Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | около 17 лет назад |
| CVE-2008-1731 The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances related to interaction between Simple Access and (1) Node clone or (2) Project issue tracking. | CVSS2: 7.5 | 0% Низкий | около 17 лет назад |
| CVE-2008-0462 Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | больше 17 лет назад |
| CVE-2007-0658 The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. | CVSS2: 5 | 1% Низкий | больше 18 лет назад |
| CVE-2006-4120 Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 5.1 | 1% Низкий | почти 19 лет назад |
 | BDU:2022-06302 Уязвимость CMS-системы Drupal, связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 0% Низкий | около 4 лет назад |
| BDU:2022-01067 Уязвимость модуля Quick Edit системы управления содержимым Drupal, позволяющая нарушителю получить доступ к конфиденциальной информации | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| BDU:2021-04622 Уязвимость ядра CMS-системы Drupal, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 6.1 | 1% Низкий | почти 5 лет назад |
Уязвимостей на страницу