CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2007-0658
https://notcve.org/view.php?id=CVE-2007-0658
01 Feb 2007 — The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. Los módulos para Drupal (1) Textimage 4.7.x versiones anteriores a 4.7-1.2 y 5.x versiones anteriores a 5.x-1.1 y (2) Captcha 4.7.x versiones anteriores a 4.7-1.2 y 5.x versiones anteriores a 5.x-1.1, permiten a atacantes remotos evitar la comprobación CAPT... • http://cvs.drupal.org/viewcvs/drupal/contributions/modules/captcha/captcha.module?r1=1.25.2.1&r2=1.25.2.2 •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2007-0626
https://notcve.org/view.php?id=CVE-2007-0626
31 Jan 2007 — The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines." La función comment_form_add_preview en comment.module en Drupal anterior a versión 4.7.6, y versión 5.x anterior a 5.1, y vbDrupal, permite a los atacantes remotos con privilegios de "post comm... • http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-0136
https://notcve.org/view.php?id=CVE-2007-0136
09 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Drupal anterior 4.6.11, y 4.7 anterior 4.7.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de p... • http://drupal.org/files/sa-2007-001/advisory.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 1CVE-2007-0124
https://notcve.org/view.php?id=CVE-2007-0124
09 Jan 2007 — Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. Vulnerabilidad no especificada en Drupal anterior a 4.6.11, y 4.7 anterior a 4.7.5, cuando se utiliza MySQL, permite a usuarios autenticados remotamente provocar una denegación de servicio modificando la caché de la página a través de vecto... • http://drupal.org/node/104238 •