167 matches found
Exploit for CVE-2013-2094
PoC exploit for CVE-2013-2094, a vulnerability in the Oracle Jav...
SA-CONTRIB-2012-170 - MultiLink - Access Bypass
MultiLink allows you to generate in-content links to a suitable node or node translation based on the visitor's language preferences. It allows the Node Title of the target node to be shown as the visible text and title attribute for the generated link. Prior to versions 6.x-2.7 and 7.x-2.7 the...
SA-CONTRIB-2010-027: Email Input Filter - Arbitrary code execution
Email Input Filter converts email style markup into web friendly format. Arbitrary code execution vulnerability in this module allows a remote attacker with the ability to create content using an input format with the email input filter enabled to execute arbitrary PHP code on an affected system...
CVE-2010-0071
creationtimestamp | type | source
---|---|---
2010-01-12 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/33506
2025-08-31 03:01:31+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d
2025-08-31 03:13:08+00:00 | seen | MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57

...
Format string
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibl...
Fedora 11 : drupal-6.13-1.fc11 (2009-7315)
Fixes SA-CORE-2009-007 (http://drupal.org/node/507572). Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script. Multiple vulnerabilities and weaknesses were discovered in Drupal...
SA-CONTRIB-2009-040 - Advanced Forum - Multiple vulnerabilities
Cross-site scripting: The Advanced Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML and script code into forum pages. Such a cross-site scriptin...
SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. Cross-site scripting: The Forum module does not correctly handle certain arguments obtained from the URL. By enticing a suitably privileged user to visit a specially crafted URL, a malicious user is able to insert arbitrary HTML an...
CVE-2008-6533
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
Cross site scripting
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
FreeBSD : drupal -- multiple vulnerabilities (609c790e-ce0a-11dd-a721-0030843d3802)
The Drupal Project reports: The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser user 1 to execute old updates that may damage the database. When an input format is deleted, not all existing content on a site is updated to reflect this deletion...
drupal -- multiple vulnerabilities
The Drupal Project reports: The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser user 1 to execute old updates that may damage the database. When an input format is deleted, not all existing content on a site is updated to reflect this deletion...
CVE-2008-5079
creationtimestamp | type | source
---|---|---
2008-12-10 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/7405
2025-08-31 03:01:18+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d

...
Drupal < 5.1 (post comments) Remote Command Execution Exploit v2
No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ milw0rmdrupalv5.pl - Drupal 5.1 Remote Command Execution Exploit Copyright c 2007 str0ke str0ke!milw0rm.com Description ----------- Previews on comments were not passed through normal...
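Drupal Comment_Form_Add_Preview Function Remote Code Execution Vulnerability
Drupal is an open-source content management platform. Drupal does not properly filter user-submitted input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web server. The problem is that previews on comments were passed on directly without going through the normal validation functions; users granted the 'post comments' permission who have access to more than one input format filter can execute arbitrary code. By default, anonymous and authenticated users have access to only one input format. vbDrupal 4.7.5 Drupal 4.7.5 Drupal 4.7.4 Drupal 4.7.4 Drupal 4.7.3 Drupal 4.7.3 Drupal 4.7.2 Drupal 4.7.1 Drupal 4.7 Drupal 5.0 Patch download:...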
CVE-2025-58698
CVE-2025-58698 is rejected/not used per the Initial Description and does not represent an active vulnerability entry.
CVE-2025-58168
...
CVE-2023-3948
...