Drupal

Drupal

271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2006-4002

  • EPSS 0.57%
  • Veröffentlicht 07.08.2006 19:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third p...

4.3

CVE-2006-3570

  • EPSS 0.43%
  • Veröffentlicht 13.07.2006 01:05:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.5

CVE-2006-2831

  • EPSS 2.1%
  • Veröffentlicht 06.06.2006 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple exte...

2.6

CVE-2006-2832

  • EPSS 0.53%
  • Veröffentlicht 06.06.2006 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.

2.6

CVE-2006-2833

  • EPSS 1.01%
  • Veröffentlicht 06.06.2006 00:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the ...

7.5

CVE-2006-2742

  • EPSS 0.97%
  • Veröffentlicht 01.06.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

5.1

CVE-2006-2743

  • EPSS 22.71%
  • Veröffentlicht 01.06.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

4.3

CVE-2006-2260

  • EPSS 0.43%
  • Veröffentlicht 09.05.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

5

CVE-2006-1225

  • EPSS 1.08%
  • Veröffentlicht 14.03.2006 19:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.

4.3

CVE-2006-1226

  • EPSS 0.95%
  • Veröffentlicht 14.03.2006 19:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.