Search

Found 5 results in 722ms · Match type: Filtered list

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2014-9016	medium	—	6.0	EXP	debian	drupalsecure_password_hashes_project	12y ago	The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m…
CVE-2014-3704	high	—	8.5	EXP	debian	drupal	12y ago	The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection att…
CVE-2014-5266	medium	—	6.0	EXPFIX	debian	wordpressdrupal	12y ago	The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote atta…
CVE-2012-4554	medium	—	6.0	EXP		drupal	14y ago	The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
CVE-2007-6752	medium	—	7.8	EXP		drupal	14y ago	Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout …