Vulnerabilities > Drupal > Drupal > 4.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-01-15 | CVE-2008-0273 | Cross-Site Scripting vulnerability in Drupal Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. | 4.3 |
| 2008-01-15 | CVE-2008-0272 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. | 4.3 |
| 2007-12-10 | CVE-2007-6299 | Improper Input Validation vulnerability in Drupal Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | 7.5 |
| 2007-10-12 | CVE-2007-5416 | Numeric Errors vulnerability in Drupal Drupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. | 6.8 |
| 2007-01-09 | CVE-2007-0124 | Denial of Service vulnerability in Drupal Page Caching Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. network drupal | 3.5 |
| 2006-10-24 | CVE-2006-5477 | Cross-Site Scripting vulnerability in Drupal Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | 2.6 |
| 2006-10-24 | CVE-2006-5476 | Cross-Site Request Forgery vulnerability in Drupal Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | 7.5 |
| 2006-10-24 | CVE-2006-5475 | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. network drupal | 6.8 |
| 2006-08-07 | CVE-2006-4002 | Cross-Site Scripting vulnerability in Drupal User.Module Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. network drupal | 4.3 |
| 2006-06-06 | CVE-2006-2832 | Input Validation vulnerability in Drupal Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. | 2.6 |