Drupal

Drupal

266 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2006-2742

  • EPSS 0.97%
  • Veröffentlicht 01.06.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc.

5.1

CVE-2006-2743

  • EPSS 20.07%
  • Veröffentlicht 01.06.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.

4.3

CVE-2006-2260

  • EPSS 0.43%
  • Veröffentlicht 09.05.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

5

CVE-2006-1225

  • EPSS 1.08%
  • Veröffentlicht 14.03.2006 19:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.

4.3

CVE-2006-1226

  • EPSS 0.95%
  • Veröffentlicht 14.03.2006 19:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.6

CVE-2006-1227

  • EPSS 0.87%
  • Veröffentlicht 14.03.2006 19:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages.

5.1

CVE-2006-1228

  • EPSS 2.17%
  • Veröffentlicht 14.03.2006 19:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.

4.3

CVE-2006-0070

Exploit
  • EPSS 0.66%
  • Veröffentlicht 04.01.2006 00:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the ...

4.3

CVE-2005-3973

  • EPSS 0.61%
  • Veröffentlicht 03.12.2005 19:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value paramet...

6.4

CVE-2005-3974

  • EPSS 0.55%
  • Veröffentlicht 03.12.2005 19:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.