Lucene search
+L

120 matches found

Drupal
Drupal
added 2008/01/30 12:0 a.m.21 views

SA-2008-011 - Securesite - Access bypass

The Secure Site module provides functions for placing your site behind HTTP based authentication. The module contains a flaw that allows an attacker who is behind the same proxy as a logged in user, to access the site as if the attacker is the user. Versions affected Secure Site for Drupal 5.x an...

6.7AI score
Exploits0References5
Drupal
Drupal
added 2008/01/23 12:0 a.m.13 views

SA-2008-10 - Archive - Cross site scripting

The Archive module provides a replacement for the archive functionality that was present in Drupal 4.7. Certain URL arguments are not escaped before display. It is therefore possible to inject arbitrary HTML and script code into certain archive pages, which may lead to administrator access if...

6.4AI score
Exploits0References5
Cvelist
Cvelist
added 2008/01/15 7:0 p.m.43 views

CVE-2008-0272

Cross-site request forgery CSRF vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users...

6.6AI score0.01113EPSS
Exploits0References9
Cvelist
Cvelist
added 2008/01/15 7:0 p.m.24 views

CVE-2008-0274

Cross-site scripting XSS vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files...

5.6AI score0.01545EPSS
Exploits0References9
Drupal
Drupal
added 2008/01/14 12:0 a.m.16 views

SA-2008-008 - Meta tags - Arbitrary code execution

The Meta tags module, also known as Nodewords, adds HTML META tags to node, panel and view pages. If the site is configured to allow images in the body of any node type, any user that can create this node type is able to execute arbitrary code on the server. Versions affected Meta tags for Drupal...

7.8AI score
Exploits0References4
Drupal
Drupal
added 2008/01/10 12:0 a.m.13 views

SA-2008-001 - Devel - Cross site scripting

The devel module contains many useful developer functions, such as a query log and the display of variables. The contents of the variable table is not escaped prior to display. Should an unprivileged user be able to control the contents of a site variable, it would be possible to inject arbitrary...

6.3AI score
Exploits0References5
Drupal
Drupal
added 2008/01/10 12:0 a.m.14 views

SA-2008-002 - Atom - Access bypass

The Atom module provides a list of node titles, and teasers or bodies as part of a syndication feed. In certain conditions, the titles, teasers, and body were not respecting access permissions, potentially exposing content to syndication not available otherwise. Versions affected Atom for Drupal...

7AI score
Exploits0References5
Drupal
Drupal
added 2008/01/10 12:0 a.m.490 views

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

When outputting plaintext Drupal strips potentially dangerous HTML tags and attributes from HTML, and escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are invalid in the...

6.5AI score
Exploits0References7
NVD
NVD
added 2007/12/10 6:46 p.m.12 views

CVE-2007-6298

Cross-site scripting XSS vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages...

4.3CVSS5.3AI score0.011EPSS
Exploits1References5
Cvelist
Cvelist
added 2007/12/10 6:0 p.m.21 views

CVE-2007-6298

Cross-site scripting XSS vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages...

5.3AI score0.011EPSS
Exploits1References5
Drupal
Drupal
added 2007/12/05 12:0 a.m.14 views

SA-2007-032 - Shoutbox - Cross site scripting

Message sent from the Shoutbox block, where visitors can quickly post short messages, are not properly sanitized in a number of cases. This allows malicious users to inject arbitrary HTML and script code into the block. Learn more about cross site scripting on Wikipedia. Versions affected Shoutbo...

6.4AI score
Exploits0References5
Prion
Prion
added 2007/10/19 11:17 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.2AI score0.01419EPSS
Exploits0References5Affected Software1
Drupal
Drupal
added 2007/10/17 12:0 a.m.18 views

SA-2007-026 - Drupal Core - Cross site scripting via uploads

The allowed extension list of the core Upload module contains the extension HTML by default. Such files can be used to execute arbitrary script code in the context of the affected site when a user views the file. Revoking upload permissions or removing the .html extension from the allowed extensi...

6.8AI score
Exploits0References6
Prion
Prion
added 2007/07/30 5:30 p.m.24 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to 1 delete comments, 2 delete content revisions, and 3 disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

4.3CVSS7.5AI score0.01271EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2007/07/30 5:30 p.m.38 views

CVE-2007-4063

Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to 1 delete comments, 2 delete content revisions, and 3 disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

4.3CVSS5.9AI score0.01271EPSS
Exploits0References1
Cvelist
Cvelist
added 2007/07/30 5:0 p.m.33 views

CVE-2007-4063

Multiple cross-site request forgery CSRF vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to 1 delete comments, 2 delete content revisions, and 3 disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

6.8AI score0.01271EPSS
Exploits0References6
Drupal
Drupal
added 2007/07/09 12:0 a.m.21 views

Print - Access bypass

Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control,...

6.9AI score
Exploits0References4
Prion
Prion
added 2007/03/08 10:19 p.m.15 views

Code injection

Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters...

6CVSS6.8AI score0.01658EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2007/02/15 12:0 a.m.23 views

Drupal < 5.1 (post comments) Remote Command Execution Exploit v2

No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ milw0rmdrupalv5.pl - Drupal 5.1 Remote Command Execution Exploit Copyright c 2007 str0ke str0ke!milw0rm.com Description ----------- Previews on comments were not passed through normal...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/01/30 12:0 a.m.57 views

[DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2007-005 ---------------------------------------------------------------------------- Project: Drupal core Version: 4.7.x, 5.x Date: 2007-Jan-29 Security risk: Highy critical Exploitabl...

0.6AI score
Exploits0
Rows per page
Query Builder