Total
708 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6134 | 1 Drupal | 2 Drupal, Everyblog | 2017-08-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6020 | 1 Drupal | 2 Drupal, Views | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." | |||||
| CVE-2008-5999 | 1 Drupal | 2 Ajax Checklist, Drupal | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter. | |||||
| CVE-2008-5996 | 2 Drupal, Link3 | 2 Drupal, Simplenews | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. | |||||
| CVE-2008-4793 | 1 Drupal | 1 Drupal | 2017-08-08 | 7.5 HIGH | N/A |
| The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | |||||
| CVE-2008-4790 | 1 Drupal | 1 Drupal | 2017-08-08 | 6.0 MEDIUM | N/A |
| The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. | |||||
| CVE-2008-4789 | 1 Drupal | 1 Drupal | 2017-08-08 | 6.0 MEDIUM | N/A |
| The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." | |||||
| CVE-2008-4710 | 1 Drupal | 2 Drupal, Stock Module | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4633 | 1 Drupal | 2 Drupal, Node Clone | 2017-08-08 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." | |||||
| CVE-2008-3745 | 1 Drupal | 2 Drupal, Upload Module | 2017-08-08 | 5.5 MEDIUM | N/A |
| The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. | |||||
| CVE-2008-3744 | 1 Drupal | 1 Drupal | 2017-08-08 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | |||||
| CVE-2008-3743 | 1 Drupal | 1 Drupal | 2017-08-08 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | |||||
| CVE-2008-3742 | 1 Drupal | 1 Drupal | 2017-08-08 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. | |||||
| CVE-2008-3741 | 1 Drupal | 1 Drupal | 2017-08-08 | 3.5 LOW | N/A |
| The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML. | |||||
| CVE-2008-3740 | 1 Drupal | 1 Drupal | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2999 | 1 Drupal | 2 Aggregation Module, Drupal | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-2998 | 1 Drupal | 2 Aggregation Module, Drupal | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2771 | 1 Drupal | 2 Drupal, Node Hierarchy Module | 2017-08-08 | 5.0 MEDIUM | N/A |
| The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. | |||||
| CVE-2008-1980 | 1 Drupal | 2 Drupal, E-publish | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1978 | 1 Drupal | 2 Drupal, Ubercart Module | 2017-08-08 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. | |||||