CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2008-4789
https://notcve.org/view.php?id=CVE-2008-4789
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." La funcionalidad de validación del núcleo del módulo de subida en Drupal 6.x anterior a 6.5 permite a un usuario remoto autentificado sobrepasar las restricciones de acceso y "añadir archivos al contenido"; está relacionado con un "error lógico". • http://drupal.org/node/318706 http://secunia.com/advisories/32198 http://www.openwall.com/lists/oss-security/2008/10/21/7 https://exchange.xforce.ibmcloud.com/vulnerabilities/45755 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4793
https://notcve.org/view.php?id=CVE-2008-4793
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. El API del módulo nodo en Drupal 5.x anterior a 5.11 permite a un atacante remoto evitar la validación del nodo, y tiene otros impactos por medio de ataques desconocidos relacionados con los módulos contribuídos. • http://drupal.org/node/318706 http://secunia.com/advisories/32200 http://www.openwall.com/lists/oss-security/2008/10/21/7 https://exchange.xforce.ibmcloud.com/vulnerabilities/45763 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1980
https://notcve.org/view.php?id=CVE-2008-1980
Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de órdenes (XSS) en el módulo de Drupal "E-Publish" 5.x anteriores a 5.x-1.1 y 6.x anteriores a 6.x-1.0 beta1, permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante vectores no especificados. • http://drupal.org/node/250408 http://secunia.com/advisories/29960 http://www.vupen.com/english/advisories/2008/1353/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1978
https://notcve.org/view.php?id=CVE-2008-1978
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. Vulnerabilidad de secuencias de órdenes en sitios cruzados (XSS) en el módulo Ubercart 5.x anteriores a 5.x-1.0 rc3 de Drupal permite a usuarios remotos autenticados inyectar 'script' web o HTML de su elección mediante títulos de nodos relacionados con características del producto no especificadas, un vector distinto de CVE-2008-1428. • http://drupal.org/node/250343 http://secunia.com/advisories/29950 http://www.securityfocus.com/bid/28914 http://www.vupen.com/english/advisories/2008/1351/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41975 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2008-0272
https://notcve.org/view.php?id=CVE-2008-0272
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el módulo aggregator en Drupal 4.7.x anterior a 4.7.11 y 5.x anterior a 5.6 permite a atacantes remotos borrar campos desde un alimentador con privilegios de usuario. • http://drupal.org/node/208562 http://secunia.com/advisories/28422 http://secunia.com/advisories/28486 http://www.securityfocus.com/bid/27238 http://www.vbdrupal.org/forum/showthread.php?p=6878 http://www.vbdrupal.org/forum/showthread.php?t=1349 http://www.vupen.com/english/advisories/2008/0127 http://www.vupen.com/english/advisories/2008/0134 https://exchange.xforce.ibmcloud.com/vulnerabilities/39617 • CWE-352: Cross-Site Request Forgery (CSRF) •