Search for packages
| purl | pkg:composer/drupal/drupal@6.0.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2ctt-zm9j-17bx
Aliases: CVE-2016-3171 GHSA-69g8-g9jq-74v7 |
Session data truncation can lead to unserialization of user provided data Drupal might allow remote attackers to execute arbitrary code via vectors related to session data truncation. |
Affected by 0 other vulnerabilities. Affected by 64 other vulnerabilities. |
|
VCID-825u-8b9n-27c8
Aliases: CVE-2010-3094 GHSA-pjmx-4gc6-hwv8 |
Drupal cross-site scripting vulnerability via actions feature and trigger module Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. |
Affected by 0 other vulnerabilities. |
|
VCID-9wt5-xe6d-n3cb
Aliases: CVE-2016-3164 GHSA-836p-6p4j-35cg |
Open redirect via path manipulation Drupal might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on an error page, related to path manipulation. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 64 other vulnerabilities. |
|
VCID-ajx2-vzhw-r7f1
Aliases: CVE-2008-3218 GHSA-6cj8-c359-p7q9 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values. |
Affected by 0 other vulnerabilities. |
|
VCID-en3b-g3f3-a3e3
Aliases: CVE-2016-3163 GHSA-h3r9-pjmr-f938 |
Brute force amplification attacks via XML-RPC The XML-RPC system in Drupal might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 64 other vulnerabilities. |
|
VCID-h6yp-zj5e-zkbm
Aliases: CVE-2016-3166 GHSA-fg5q-r2q5-qmh3 |
HTTP header injection using line breaks CRLF injection vulnerability in the `drupal_set_header` function in Drupal allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers. |
Affected by 0 other vulnerabilities. Affected by 64 other vulnerabilities. |
|
VCID-mt37-qzh7-gyfv
Aliases: CVE-2016-3168 GHSA-qqxc-cppg-4xp8 |
Reflected file download vulnerability The System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 64 other vulnerabilities. |
|
VCID-tk6t-srar-h7a8
Aliases: CVE-2016-3165 GHSA-4gh5-3hqj-x3pj |
Improper Access Control The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has `#access` set to `FALSE` in the server-side form definition. |
Affected by 0 other vulnerabilities. Affected by 64 other vulnerabilities. |
|
VCID-we42-mkyk-hfer
Aliases: CVE-2016-3169 GHSA-q3p9-8728-wq7x |
Saving user accounts can sometimes grant the user all roles The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the `user_save` function with an explicit category and loads all roles into the array. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 64 other vulnerabilities. |
|
VCID-xumx-m3zz-jkh6
Aliases: CVE-2016-3167 GHSA-gxwx-c7m8-f95h |
Open redirect via double-encoded 'destination' parameter Open redirect vulnerability in the `drupal_goto` function in Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the `destination` parameter. |
Affected by 0 other vulnerabilities. Affected by 64 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||