Vulnerabilities > Drupal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-26 | CVE-2007-0534 | Cross-Site Scripting vulnerability in Project Issue Tracking Module Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking." network drupal | 4.3 |
| 2007-01-26 | CVE-2007-0507 | SQL Injection vulnerability in Drupal Acidfree 4.61.0/4.71.0 SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. network drupal | 6.0 |
| 2007-01-26 | CVE-2007-0506 | Multiple vulnerability in Drupal Project and Project Issues Tracking Modules The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests. network drupal | 6.0 |
| 2007-01-26 | CVE-2007-0505 | Multiple vulnerability in Drupal Project and Project Issues Tracking Modules Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. network drupal | 8.5 |
| 2007-01-09 | CVE-2007-0136 | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. | 4.3 |
| 2007-01-09 | CVE-2007-0124 | Denial of Service vulnerability in Drupal Page Caching Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. network drupal | 3.5 |
| 2006-12-20 | CVE-2006-6647 | Cross-Site Scripting vulnerability in Drupal Mysite 4.7/5 Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. network drupal | 6.8 |
| 2006-12-20 | CVE-2006-6646 | HTML-Injection vulnerability in Drupal Project and Drupal Project Issue Tracking Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function. network drupal | 6.8 |
| 2006-12-14 | CVE-2006-6531 | Cross-Site Scripting vulnerability in Help Tip Module Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. network drupal | 6.8 |
| 2006-12-14 | CVE-2006-6530 | SQL-Injection vulnerability in Help Tip Module SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |