Drupal

Drupal

271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.8

CVE-2008-3222

  • EPSS 1.06%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

7.5

CVE-2008-3223

  • EPSS 1.14%
  • Veröffentlicht 18.07.2008 16:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

7.5

CVE-2008-2999

  • EPSS 0.46%
  • Veröffentlicht 03.07.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

5

CVE-2008-2771

  • EPSS 0.17%
  • Veröffentlicht 18.06.2008 22:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspeci...

5.8

CVE-2008-1729

  • EPSS 0.62%
  • Veröffentlicht 11.04.2008 19:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for t...

4.3

CVE-2008-1133

  • EPSS 0.39%
  • Veröffentlicht 04.03.2008 18:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

3.5

CVE-2008-1131

  • EPSS 0.25%
  • Veröffentlicht 04.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.

4.3

CVE-2008-0462

  • EPSS 0.3%
  • Veröffentlicht 25.01.2008 16:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2008-0272

  • EPSS 0.3%
  • Veröffentlicht 15.01.2008 20:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.

4.3

CVE-2008-0273

  • EPSS 0.46%
  • Veröffentlicht 15.01.2008 20:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Dr...