Lucene search

450 matches found

Prion
added 2008/04/27 8:5 p.m., 7 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors...

CVSS 4.3 | AI score 7.4 | EPSS 0.00709
Exploits: 0 | References: 5 | Affected Software: 2
NVD
added 2008/04/27 8:5 p.m., 11 views

CVE-2008-1981

Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors...

CVSS 6.8 | AI score 6.9 | EPSS 0.00717
Exploits: 0 | References: 4
Cvelist
added 2008/04/27 8:0 p.m., 15 views

CVE-2008-1981

Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors...

AI score 6.9 | EPSS 0.00717
Exploits: 0 | References: 4
Cvelist
added 2008/04/15 5:0 p.m., 9 views

CVE-2008-1792

Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

AI score 5.7 | EPSS 0.01065
Exploits: 0 | References: 5
NVD
added 2008/01/15 8:0 p.m., 13 views

CVE-2008-0264

Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node...

CVSS 6.8 | AI score 7.3 | EPSS 0.02129
Exploits: 0 | References: 4
Cvelist
added 2007/03/05 8:0 p.m., 18 views

CVE-2006-7110

Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences...

AI score 6.3 | EPSS 0.0135
Exploits: 0 | References: 5
Drupal
added 2006/10/26 12:0 a.m., 5 views

Extended Tracker - SQL Injection

The contributed module Extended Tracker (xtracker) accepts parameters from URLs and uses those unescaped in SQL queries, allowing malicious users to execute SQL injection attacks. This may result in them gaining administrator privileges. Versions affected: Please check the CVS $Id$ fields in the fil...

AI score 5.8
Exploits: 0 | References: 3
NVD
added 2006/07/10 8:5 p.m., 21 views

CVE-2006-3473

CRLF injection vulnerability in formmail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225...

CVSS 7.5 | AI score 6.6 | EPSS 0.01524
Exploits: 0 | References: 5
Cvelist
added 2006/07/10 8:0 p.m., 23 views

CVE-2006-3473

CRLF injection vulnerability in formmail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225...

AI score 6.6 | EPSS 0.01524
Exploits: 0 | References: 5
CVE
added 2006/07/10 8:0 p.m., 61 views

CVE-2006-3473

CVE-2006-3473 describes a CRLF injection vulnerability in the Drupal form_mail module, affecting versions before 1.8.2.2. An attacker could remotely inject email headers, enabling the Drupal site to be used to send spam. This issue is explicitly noted as a different issue than CVE-2006-1225. The ...

CVSS 7.5 | AI score 6.9 | EPSS 0.01524
Exploits: 0 | References: 5 | Affected Software: 1