CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6137
https://notcve.org/view.php?id=CVE-2008-6137
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. EveryBlog v5.x y v6.x, un modulo para Drupal, permite a atacantes remotos saltarse las restricciones de acceso mediante vectores no especificados. • http://drupal.org/node/318746 http://secunia.com/advisories/32194 http://www.securityfocus.com/bid/31656 https://exchange.xforce.ibmcloud.com/vulnerabilities/45759 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6135
https://notcve.org/view.php?id=CVE-2008-6135
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en EveryBlog v5.x y v6.x, un modulo para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://drupal.org/node/318746 http://secunia.com/advisories/32194 http://www.securityfocus.com/bid/31656 https://exchange.xforce.ibmcloud.com/vulnerabilities/45757 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6134
https://notcve.org/view.php?id=CVE-2008-6134
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en EveryBlog v5.x y v6.x, un modulo para Drupal, permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores no especificados. • http://drupal.org/node/318746 http://secunia.com/advisories/32194 http://www.securityfocus.com/bid/31656 https://exchange.xforce.ibmcloud.com/vulnerabilities/45756 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.0EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4790
https://notcve.org/view.php?id=CVE-2008-4790
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. El módulo central de subidas de Drupal 5.x Anterior a 5.11 permite a un usuario remoto autentificado sobrepasar las restricciones de acceso y leer "archivos adjuntos al contenido" mediante un método desconocido. • http://drupal.org/node/318706 http://secunia.com/advisories/32198 http://secunia.com/advisories/32200 http://www.openwall.com/lists/oss-security/2008/10/21/7 https://exchange.xforce.ibmcloud.com/vulnerabilities/45758 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.0EPSS: 0%CPEs: 13EXPL: 0CVE-2008-4789
https://notcve.org/view.php?id=CVE-2008-4789
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." La funcionalidad de validación del núcleo del módulo de subida en Drupal 6.x anterior a 6.5 permite a un usuario remoto autentificado sobrepasar las restricciones de acceso y "añadir archivos al contenido"; está relacionado con un "error lógico". • http://drupal.org/node/318706 http://secunia.com/advisories/32198 http://www.openwall.com/lists/oss-security/2008/10/21/7 https://exchange.xforce.ibmcloud.com/vulnerabilities/45755 • CWE-264: Permissions, Privileges, and Access Controls •