Vulnerabilities > Drupal > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-06 | CVE-2008-6908 | Cryptographic Issues vulnerability in Marc Ingram Services Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges. | 7.5 |
| 2009-06-27 | CVE-2009-2237 | Unspecified vulnerability in Karim Ratib Views Bulk Operations Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions). | 7.5 |
| 2009-06-16 | CVE-2009-2075 | Permissions, Privileges, and Access Controls vulnerability in Angrydonuts Nodequeue Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors. | 7.5 |
| 2009-05-01 | CVE-2009-1507 | Permissions, Privileges, and Access Controls vulnerability in Drupal Nodeaccess Userreference The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node. | 7.5 |
| 2009-02-14 | CVE-2008-6137 | Permissions, Privileges, and Access Controls vulnerability in Drupal Everyblog 5.0/6.0 EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. | 7.5 |
| 2009-02-14 | CVE-2008-6136 | Permissions, Privileges, and Access Controls vulnerability in Drupal Everyblog 5.0/6.0 Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to gain privileges as another user or an administrator via unknown attack vectors. | 7.5 |
| 2009-02-14 | CVE-2008-6134 | SQL Injection vulnerability in Drupal Everyblog 5.0/6.0 SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2009-02-02 | CVE-2008-6020 | SQL Injection vulnerability in Drupal Views 6.X2.0 SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." | 7.5 |
| 2008-10-29 | CVE-2008-4793 | Permissions, Privileges, and Access Controls vulnerability in Drupal The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. | 7.5 |
| 2008-10-17 | CVE-2008-4598 | Cross-Site Scripting vulnerability in Drupal Shindig-Integrator 5 Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597. | 7.5 |