|
241
|
-
4.3
|
MEDIUM
|
Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2006-2260
|
cpe:2.3:a:drupal:drupal:4.6:* cpe:2.3:a:drupal:drupal:4.6.3:* cpe:2.3:a:drupal:drupal:4.6.2:* cpe:2.3:a:drupal…
|
|
|
|
|
2017-07-20 10:31
2006-05-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
242
|
-
5.0
|
MEDIUM
|
CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.
|
NVD-CWE-Other
|
CVE-2006-1225
|
cpe:2.3:a:drupal:drupal:4.6.1:* cpe:2.3:a:drupal:drupal:4.6.0:* cpe:2.3:a:drupal:drupal:4.5.3:* cpe:2.3:a:drup…
|
|
|
|
|
2018-10-19 01:31
2006-03-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
243
|
-
4.3
|
MEDIUM
|
Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2006-1226
|
cpe:2.3:a:drupal:drupal:4.6.1:* cpe:2.3:a:drupal:drupal:4.6.0:* cpe:2.3:a:drupal:drupal:4.5.3:* cpe:2.3:a:drup…
|
|
|
|
|
2018-10-19 01:31
2006-03-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
244
|
-
4.6
|
MEDIUM
|
Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers…
|
NVD-CWE-Other
|
CVE-2006-1227
|
cpe:2.3:a:drupal:drupal:4.6.5:* cpe:2.3:a:drupal:drupal:4.6.4:* cpe:2.3:a:drupal:drupal:4.6.3:* cpe:2.3:a:drup…
|
|
|
|
|
2018-10-19 01:31
2006-03-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245
|
-
5.1
|
MEDIUM
|
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.
|
CWE-287
Improper Authentication
|
CVE-2006-1228
|
cpe:2.3:a:drupal:drupal:4.6.1:* cpe:2.3:a:drupal:drupal:4.6.0:* cpe:2.3:a:drupal:drupal:4.5.3:* cpe:2.3:a:drup…
|
|
|
|
|
2018-10-19 01:31
2006-03-15
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246
|
-
4.3
|
MEDIUM
|
Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function.…
|
NVD-CWE-Other
|
CVE-2006-0070
|
cpe:2.3:a:drupal:drupal:4.6.4:* cpe:2.3:a:drupal:drupal:4.5.6:*
|
|
|
|
|
2024-08-8 02:15
2006-01-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247
|
-
4.3
|
MEDIUM
|
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and value…
|
NVD-CWE-Other
|
CVE-2005-3973
|
cpe:2.3:a:drupal:drupal:4.6.3:* cpe:2.3:a:drupal:drupal:4.6.2:* cpe:2.3:a:drupal:drupal:4.6.1:* cpe:2.3:a:drup…
|
|
|
|
|
2018-10-20 00:39
2005-12-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248
|
-
6.4
|
MEDIUM
|
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
|
NVD-CWE-Other
|
CVE-2005-3974
|
cpe:2.3:a:drupal:drupal:4.6:* cpe:2.3:a:drupal:drupal:4.6.3:* cpe:2.3:a:drupal:drupal:4.6.2:* cpe:2.3:a:drupal…
|
|
|
|
|
2018-10-20 00:39
2005-12-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249
|
-
4.0
|
MEDIUM
|
Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPE…
|
NVD-CWE-Other
|
CVE-2005-3975
|
cpe:2.3:a:drupal:drupal:4.6.3:* cpe:2.3:a:drupal:drupal:4.6.2:* cpe:2.3:a:drupal:drupal:4.6.1:* cpe:2.3:a:drup…
|
|
|
|
|
2018-10-20 00:39
2005-12-4
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250
|
-
5.0
|
MEDIUM
|
Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting.
|
NVD-CWE-Other
|
CVE-2005-2106
|
cpe:2.3:a:drupal:drupal:4.6.1:* cpe:2.3:a:drupal:drupal:4.6.0:* cpe:2.3:a:drupal:drupal:4.5.3:* cpe:2.3:a:drup…
|
|
|
|
|
2016-10-18 12:24
2005-07-5
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|