Shodan
Vulnerabilities
Vulnerable Software
Drupal:  >> Drupal  >> 6.36  Security Vulnerabilities
CVE-2009-3350
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.004
Published
2009-09-24
CVE-2009-3351
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.004
Published
2009-09-24
CVE-2009-3352
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.005
Published
2009-09-24
CVE-2009-3206
Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.002
Published
2009-09-16
CVE-2009-3207
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.
CVSS Score
6.8
EPSS Score
0.01
Published
2009-09-16
CVE-2009-3210
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.003
Published
2009-09-16
CVE-2009-3156
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
CVSS Score
2.1
EPSS Score
0.005
Published
2009-09-10
CVE-2009-3157
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
CVSS Score
3.5
EPSS Score
0.003
Published
2009-09-10
CVE-2009-3121
Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.005
Published
2009-09-09
CVE-2009-3122
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.
CVSS Score
6.4
EPSS Score
0.006
Published
2009-09-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved