Drupal : Security Vulnerabilities Published In 2007 (Bypass)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2007-5597 |
264 |
|
Bypass |
2007-10-19 |
2018-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions. |
2 |
CVE-2007-1033 |
|
|
Bypass |
2007-02-21 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL. |
3 |
CVE-2007-0658 |
|
|
Bypass |
2007-02-01 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. |
4 |
CVE-2007-0506 |
|
|
Bypass +Info |
2007-01-26 |
2017-07-29 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests. |
Total number of vulnerabilities :
4
Page :
1
(This Page)