Vulnerabilities > Drupal > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-06-27 | CVE-2012-2730 | Permissions, Privileges, and Access Controls vulnerability in Alexis Wilke Protected Node | The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. | 7.5 |
2012-06-21 | CVE-2012-2718 | SQL Injection vulnerability in Drupal-Id Counter Module 6.0 | SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." | 7.5 |
2012-02-17 | CVE-2011-4113 | SQL Injection vulnerability in Earl Miles Views | SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments." | 7.5 |
2011-07-27 | CVE-2011-2687 | Permissions, Privileges, and Access Controls vulnerability in Drupal 7.0/7.1/7.2 | Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table. | 7.5 |
2011-04-10 | CVE-2011-1663 | SQL Injection vulnerability in Icanlocalize Translation Management | SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-09-16 | CVE-2010-3423 | SQL Injection vulnerability in Freka YR Verdata | SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. | 7.5 |
2009-12-11 | CVE-2009-4296 | SQL Injection vulnerability in Brian Miller Taxonomy Timer | SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-11-20 | CVE-2009-4044 | Permissions, Privileges, and Access Controls vulnerability in Bruno Massa web Services 6.X1.0 | The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. | 7.5 |
2009-10-26 | CVE-2009-3778 | SQL Injection vulnerability in Adam Gerson Moodle Courselist 6.X1.2 | SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-08-06 | CVE-2008-6910 | Cryptographic Issues vulnerability in Marc Ingram Services | Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request. | 7.5 |