Drupal

266 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

  • EPSS 0.93%
  • Published 21.05.2012 20:55:18
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."

  • EPSS 0.36%
  • Published 18.05.2012 20:55:06
  • Last modified 11.04.2025 00:51:21

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.

Exploit
  • EPSS 1.47%
  • Published 28.03.2012 10:54:59
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of...

Exploit
  • EPSS 1.03%
  • Published 23.09.2011 23:55:03
  • Last modified 11.04.2025 00:51:21

Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and cert...

  • EPSS 0.77%
  • Published 27.07.2011 02:55:02
  • Last modified 11.04.2025 00:51:21

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

  • EPSS 0.63%
  • Published 29.09.2010 17:00:05
  • Last modified 11.04.2025 00:51:21

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by le...

  • EPSS 0.63%
  • Published 29.09.2010 17:00:05
  • Last modified 11.04.2025 00:51:21

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an asserti...

  • EPSS 0.63%
  • Published 29.09.2010 17:00:04
  • Last modified 11.04.2025 00:51:21

The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an as...

  • EPSS 0.17%
  • Published 21.09.2010 20:00:02
  • Last modified 11.04.2025 00:51:21

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a fil...

  • EPSS 0.25%
  • Published 21.09.2010 20:00:02
  • Last modified 11.04.2025 00:51:21

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" is...