Drupal

Drupal

271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.6

CVE-2006-1227

  • EPSS 0.87%
  • Veröffentlicht 14.03.2006 19:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages.

5.1

CVE-2006-1228

  • EPSS 2.17%
  • Veröffentlicht 14.03.2006 19:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.

4.3

CVE-2006-0070

Exploit
  • EPSS 0.66%
  • Veröffentlicht 04.01.2006 00:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the ...

4.3

CVE-2005-3973

  • EPSS 0.61%
  • Veröffentlicht 03.12.2005 19:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value paramet...

6.4

CVE-2005-3974

  • EPSS 0.55%
  • Veröffentlicht 03.12.2005 19:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.

4

CVE-2005-3975

  • EPSS 0.82%
  • Veröffentlicht 03.12.2005 19:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be execu...

7.5

CVE-2005-1921

  • EPSS 86.15%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) Mail...

5

CVE-2005-2106

  • EPSS 5.24%
  • Veröffentlicht 05.07.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting.

7.5

CVE-2005-1871

  • EPSS 0.74%
  • Veröffentlicht 09.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."

4.3

CVE-2005-0682

  • EPSS 0.36%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.