Filtered by vendor Drupal
Subscribe
Total
834 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0259 | 2 Boxes Project, Drupal | 2 Boxes, Drupal | 2024-02-28 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter. | |||||
| CVE-2012-5557 | 2 Drupal, User Read-only Project | 2 Drupal, User Readonly | 2024-02-28 | 3.6 LOW | N/A |
| The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password. | |||||
| CVE-2012-2703 | 2 Drupal, John Franklin | 2 Drupal, Advertisement | 2024-02-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." | |||||
| CVE-2013-5965 | 2 Adcisolutions, Drupal | 2 Node View Permissions, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing. | |||||
| CVE-2012-1641 | 2 Danielb, Drupal | 2 Finder, Drupal | 2024-02-28 | 6.0 MEDIUM | N/A |
| The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. | |||||
| CVE-2012-5537 | 2 Drupal, Simplenews Scheduler Project | 2 Drupal, Simplenews Scheduler | 2024-02-28 | 6.0 MEDIUM | N/A |
| The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron. | |||||
| CVE-2012-1627 | 2 Drupal, Marvil07 | 2 Drupal, Vote Up Down | 2024-02-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms. | |||||
| CVE-2012-4478 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2024-02-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2012-4498 | 2 Drupal, Morbus Iff | 2 Drupal, Activism | 2024-02-28 | 7.5 HIGH | N/A |
| The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact. | |||||
| CVE-2012-2303 | 2 Drupal, Florian Weber | 2 Drupal, Spaces | 2024-02-28 | 7.5 HIGH | N/A |
| The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. | |||||
| CVE-2012-2704 | 2 Drupal, John Franklin | 2 Drupal, Advertisement | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. | |||||
| CVE-2012-1644 | 2 Drupal, Gizra | 2 Drupal, Og Vocab | 2024-02-28 | 2.1 LOW | N/A |
| The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors. | |||||
| CVE-2012-3798 | 2 Bryce Hamrick, Drupal | 2 Janrain Capture, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. | |||||
| CVE-2012-5541 | 2 Drupal, Twitter Pull Project | 2 Drupal, Twitter Pull | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter." | |||||
| CVE-2013-0182 | 2 Bart Feenstra, Drupal | 2 Payment, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. | |||||
| CVE-2012-5552 | 2 Drupal, Erikwebb | 2 Drupal, Password Policy | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks." | |||||
| CVE-2012-2062 | 2 Drupal, Sami Kiminki | 2 Drupal, Redirecting Click Bouncer | 2024-02-28 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2012-4482 | 2 Drupal, Longwaveconsulting | 2 Drupal, Ubercart Securetrading Payment Method Module | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors. | |||||
| CVE-2012-2056 | 2 Drupal, Nathan Brink | 2 Drupal, Content Lock | 2024-02-28 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-1589 | 1 Drupal | 1 Drupal | 2024-02-28 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. | |||||