Drupal

Drupal

266 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2007-0124

Exploit
  • EPSS 0.86%
  • Veröffentlicht 09.01.2007 02:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors ...

6.8

CVE-2006-5475

  • EPSS 1.57%
  • Veröffentlicht 24.10.2006 20:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.

7.5

CVE-2006-5476

  • EPSS 1.16%
  • Veröffentlicht 24.10.2006 20:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.

2.6

CVE-2006-5477

  • EPSS 0.66%
  • Veröffentlicht 24.10.2006 20:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.

5.1

CVE-2006-4120

  • EPSS 1.67%
  • Veröffentlicht 14.08.2006 23:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2006-4002

  • EPSS 0.57%
  • Veröffentlicht 07.08.2006 19:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third p...

4.3

CVE-2006-3570

  • EPSS 0.43%
  • Veröffentlicht 13.07.2006 01:05:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2006-2831

  • EPSS 4.25%
  • Veröffentlicht 06.06.2006 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple exte...

2.6

CVE-2006-2832

  • EPSS 0.53%
  • Veröffentlicht 06.06.2006 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.

2.6

CVE-2006-2833

  • EPSS 1.01%
  • Veröffentlicht 06.06.2006 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the ...