14 matches found
MiracleLinux 3 : drupal-6.4-3AXS3 (AXBA:2008-316:03)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXBA:2008-316:03 advisory. - Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions vi...
Linux Distros Unpatched Vulnerability : CVE-2015-6660
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that...
SUSE CVE-2015-2749
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter...
UBUNTU-CVE-2015-2749
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter...
UBUNTU-CVE-2016-3168
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content, aka a "reflected file download vulnerability."...
UBUNTU-CVE-2015-6658
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...
UBUNTU-CVE-2014-2983
Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors...
UBUNTU-CVE-2013-6386
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack...
CVE-2011-1662
Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SA-CONTRIB-2010-108 - Who Bought What|Ubercart - Multiple Vulnerabilities
The Who Bought What-module collects and displays relevant information about purchases, including purchaser name, quantity, payment status, and all attributes. The module does not properly sanitize arguments passed via the URL when used in SQL queries, leading to a SQL Injection vulnerability...
SA-CONTRIB-2010-107 - Services - Access bypass
The Services module allows users to expose Drupal functionality to remote users. Services provides the ability for users to update nodes contained in a Drupal install via the Services API. When using the node.save service it is possible for a user to supply a specifically crafted node or...
SA-CONTRIB-2010-079 - Devel (Performance logging) - Cross Site Scripting
The devel project is a suite of modules for developers and themers. Within the devel project, there is the performance logging module. The module does not escape URLs comprised of node paths, leading to a Cross Site Scripting (XSS) vulnerability. Users with the permission to access the reports that...
SA-CONTRIB-2010-073 - Multiple Vulnerabilities In Multiple Contributed Modules
Versions affected and proposed solutions: Simple Gallery for Drupal 6.x. This module creates a simple gallery using taxonomy and CCK imagefields. The module is vulnerable to a Cross Site Scripting (XSS) attack. This can be exploited by users with the ability to add taxonomy terms or tag content...
SA-CONTRIB-2009-086 - OpenSocial Shindig-Integrator - Cross Site Scripting
The OpenSocial Shindig-Integrator module enables sites to host OpenSocial widgets. The module fails to sanitize user input, making it vulnerable to cross site scripting (XSS) attacks. This vulnerability is somewhat limited by the fact that an attacker would need an account with the permissions to...