Drupal : Security Vulnerabilities Published In 2008 (Bypass)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2008-4793 |
264 |
|
Bypass |
2008-10-29 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. |
2 |
CVE-2008-4792 |
264 |
|
Bypass |
2008-10-29 |
2018-11-02 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. |
3 |
CVE-2008-4791 |
264 |
|
Bypass |
2008-10-29 |
2018-11-02 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. |
4 |
CVE-2008-4790 |
264 |
|
Bypass |
2008-10-29 |
2017-08-08 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. |
5 |
CVE-2008-4789 |
264 |
|
Bypass |
2008-10-29 |
2017-08-08 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." |
6 |
CVE-2008-3000 |
264 |
|
Bypass |
2008-07-03 |
2017-08-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. |
7 |
CVE-2008-2771 |
264 |
|
Bypass |
2008-06-18 |
2017-08-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. |
8 |
CVE-2008-0569 |
264 |
|
Exec Code Bypass |
2008-02-05 |
2011-03-08 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors. |
Total number of vulnerabilities :
8
Page :
1
(This Page)