Vulnerabilities > Drupal > Critical

DATE CVE VULNERABILITY TITLE RISK
2009-09-24 CVE-2009-3350 Multiple Unspecified vulnerability in Drupal Subdomain Manager Module
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
network
low complexity
roshan-shah drupal
critical
10.0
2009-03-20 CVE-2009-1034 SQL Injection vulnerability in Drupal Tasklist
SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.
network
low complexity
drupal CWE-89
critical
10.0
2009-02-19 CVE-2008-6171 Improper Input Validation vulnerability in Drupal
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
network
drupal CWE-20
critical
9.3
2008-07-03 CVE-2008-3001 Code Injection vulnerability in Drupal Aggregation Module
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.
network
drupal CWE-94
critical
9.3
2008-02-19 CVE-2008-0823 Improper Authentication vulnerability in Drupal Header Image 5.X1.0
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
network
low complexity
drupal CWE-287
critical
10.0
2008-02-05 CVE-2008-0568 Authentication Bypass vulnerability in Drupal Secure Site Module 4.7/5.0
Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker.
network
low complexity
drupal
critical
10.0