Filtered by vendor Drupal
Subscribe
Total
834 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5653 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-28 | 6.0 MEDIUM | N/A |
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name. | |||||
CVE-2012-2922 | 1 Drupal | 1 Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. | |||||
CVE-2010-5275 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2067 | 2 Ckeditor, Drupal | 3 Ckeditor, Fckeditor, Drupal | 2024-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-5553 | 2 Daniel Honrade, Drupal | 2 Om Maximenu, Drupal | 2024-02-28 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the (1) Menu Title (2) Link Title, (3) Path Query, (4) Anchor, or (5) vocabulary names. | |||||
CVE-2012-4484 | 2 Drupal, Trexart | 2 Drupal, Campaignmonitor | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site). | |||||
CVE-2012-4483 | 2 Acquia, Drupal | 2 Commons, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | |||||
CVE-2012-4471 | 2 Dominique Clause, Drupal | 2 Search Autocomplete, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors. | |||||
CVE-2012-2063 | 2 Brian Altenhofel, Drupal | 2 Slidebox, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2012-2064 | 2 Drupal, Mark Theunissen | 2 Drupal, Views Lang Switch | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2011-5189 | 2 Drupal, Svendecabooter | 2 Drupal, Webform Validation | 2024-02-28 | 2.1 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2305 | 2 Drupal, Justin Ellison | 2 Drupal, Node Gallery | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. | |||||
CVE-2013-0224 | 2 Drupal, Video Project | 2 Drupal, Video | 2024-02-28 | 4.4 MEDIUM | N/A |
The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file. | |||||
CVE-2012-4490 | 2 Drupal, Ricky Morse | 2 Drupal, Excluded Users | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or (2) email address. | |||||
CVE-2012-1655 | 2 Drupal, Sven Decabooter | 2 Drupal, Uc Paydutchgroup \/ Wedeal Payment | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors. | |||||
CVE-2013-7067 | 2 Drupal, Mike Stefanello | 2 Drupal, Og Features | 2024-02-28 | 5.8 MEDIUM | N/A |
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request. | |||||
CVE-2012-2300 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2024-02-28 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-4174 | 2 Drupal, Ows | 2 Drupal, Scald | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module. | |||||
CVE-2012-2707 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2024-02-28 | 5.8 MEDIUM | N/A |
The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. | |||||
CVE-2012-2731 | 2 Drupal, Richardo Ante | 2 Drupal, Ubercart Ajax Cart | 2024-02-28 | 2.6 LOW | N/A |
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. |