Vulnerabilities > Drupal > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-24 | CVE-2009-3350 | Multiple Unspecified vulnerability in Drupal Subdomain Manager Module Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors. | 10.0 |
2009-03-20 | CVE-2009-1034 | SQL Injection vulnerability in Drupal Tasklist SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI. | 10.0 |
2009-02-19 | CVE-2008-6171 | Improper Input Validation vulnerability in Drupal includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | 9.3 |
2008-07-03 | CVE-2008-3001 | Code Injection vulnerability in Drupal Aggregation Module The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. | 9.3 |
2008-02-19 | CVE-2008-0823 | Improper Authentication vulnerability in Drupal Header Image 5.X1.0 Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | 10.0 |
2008-02-05 | CVE-2008-0568 | Authentication Bypass vulnerability in Drupal Secure Site Module 4.7/5.0 Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker. | 10.0 |