CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6137
https://notcve.org/view.php?id=CVE-2008-6137
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. EveryBlog v5.x y v6.x, un modulo para Drupal, permite a atacantes remotos saltarse las restricciones de acceso mediante vectores no especificados. • http://drupal.org/node/318746 http://secunia.com/advisories/32194 http://www.securityfocus.com/bid/31656 https://exchange.xforce.ibmcloud.com/vulnerabilities/45759 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6135
https://notcve.org/view.php?id=CVE-2008-6135
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en EveryBlog v5.x y v6.x, un modulo para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://drupal.org/node/318746 http://secunia.com/advisories/32194 http://www.securityfocus.com/bid/31656 https://exchange.xforce.ibmcloud.com/vulnerabilities/45757 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6134
https://notcve.org/view.php?id=CVE-2008-6134
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en EveryBlog v5.x y v6.x, un modulo para Drupal, permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores no especificados. • http://drupal.org/node/318746 http://secunia.com/advisories/32194 http://www.securityfocus.com/bid/31656 https://exchange.xforce.ibmcloud.com/vulnerabilities/45756 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6020
https://notcve.org/view.php?id=CVE-2008-6020
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." Vulnerabilidad de inyección SQL en el módulo Views del gestor de contenidos Drupal en las versiones v6.x anteriores a la v6.x-2.2. Permite a los usuarios remotos ejecutar código arbitrario SQL a través de vectores de ataque desconocidos relacionados con un filtro vulnerable en los campos de texto CCK. • http://drupal.org/node/347831 http://drupal.org/node/348321 http://osvdb.org/50795 http://secunia.com/advisories/33225 http://secunia.com/advisories/33289 http://www.securityfocus.com/bid/32895 https://exchange.xforce.ibmcloud.com/vulnerabilities/47454 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01024.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-0382
https://notcve.org/view.php?id=CVE-2009-0382
Unspecified vulnerability in Internationalization (i18n) Translation 5.x before 5.x-2.5, a module for Drupal, allows remote attackers with "translate node" permissions to bypass intended access restrictions and read unpublished nodes via unspecified vectors. Vulnerabilidad no especificada en Internationalization (i18n) Translation 5.x versiones anteriores a 5.x-2.5, un módulo de Drupal, permite a atacantes remotos con permisos "traducir nodo" evitar restricciones de acceso y leer nodos no públicos a través de vectores no especificados. • http://drupal.org/node/358958 http://secunia.com/advisories/33549 http://www.securityfocus.com/bid/33283 • CWE-264: Permissions, Privileges, and Access Controls •