Drupal历史插件漏洞集合

date:2018-06-22,name:Drupal 7 ItalianGov Fi.it Scrivi Al Comune Arbitrary File Upload Vulnerability  
date:2018-06-02,name:Drupal PaisDigital ArgentinaGov Municipality ContactForm Arbitrary File Upload Vulnerability  
date:2018-05-22,name:Drupal Exploiter on subdomains brute-forcing (RCE)  
date:2018-04-23,name:Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download  
date:2018-04-14,name:Drupal 0day Remote PHP Code Execution (Perl)  
date:2018-04-13,name:Drupal 0day Remote PHP Code Execution (Python)  
date:2018-04-13,name:Drupal 0day Remote PHP Code Execution (curl)  
date:2018-04-13,name:Drupal Drupalgeddon2 Remote Code Execution (Ruby)  
date:2018-03-30,name:Drupal 7.0 <  7.31 Drupalgeddon SQL Injection (Admin Session)  
date:2017-06-08,name:Drupal Public Download Count Module - Open Redirect  
date:2017-05-16,name:Drupal comment-form Upload Dangerous File  
date:2017-03-10,name:Drupal 7.x Module Services Remote Code Execution  
date:2016-07-25,name:Drupal CODER Module 2.5 - Remote Command Execution  
date:2016-07-21,name:Drupal RESTWS Module 7.x - Remote PHP Code Execution  
date:2016-07-19,name:Drupal 8.1.6 HTTP traffic to an arbitrary proxy server  
date:2016-07-17,name:Drupal Webform Multiple File Upload - Remote code execution  
date:2016-07-05,name:Drupal 6.22 - menupereid SQL injection Vulnerability  
date:2016-02-21,name:Drupal 8.0.x-dev Cross Site Scripting  
date Process MiTM  
date:2015-10-11,name:Drupal 8.0.0 Beta 14 Cross Site Scripting  
date:2014-12-02,name:Drupal 7.34 Memory Exhaustion  
date:2014-11-04,name:Drupal < 7.32 Pre Auth SQL Injection Vulnerability  
date:2014-10-18,name:Drupal HTTP Parameter Key\/Value SQL Injection  
date:2014-10-16,name:Drupal 7.31 CORE pre Auth SQL Injection Vulnerability *youtube  
date:2014-10-16,name:Drupal 7.x SQL Injection Exploit  
date:2014-08-11,name:WordPress 3.9 and Drupal 7.x Denial Of Service Vulnerability *video  
date:2014-05-11,name:Drupal Flag 7.x-3.5 Command Execution  
date:2014-04-03,name:Drupal 7.26 Custom Search 7.x-1.13 Cross Site Scripting  
date:2014-03-13,name:Drupal SexyBookmarks 6.x Information Disclosure  
date:2014-03-13,name:Drupal Webform Template 7.x Access Bypass  
date:2014-03-06,name:Drupal Masquerade 6.x \/ 7.x Access Bypass  
date:2014-03-06,name:Drupal NewsFlash 6.x \/ 7.x Cross Site Scripting  
date:2014-02-27,name:Drupal Mime Mail 6.x \/ 7.x Access Bypass  
date:2014-02-27,name:Drupal Content Locking 6.x \/ 7.x CSRF  
date:2014-02-27,name:Drupal Project Issue File Review 6.x Cross Site Scripting  
date:2014-02-27,name:Drupal Open Omega 7.x Access Bypass  
date:2014-02-20,name:Drupal Maestro 7.x Cross Site Scripting  
date:2014-02-20,name:Drupal Slickgrid 7.x Access Bypass  
date:2014-02-13,name:Drupal Webform Validation 6.x \/ 7.x Cross Site Scripting  
date:2014-02-13,name:Drupal Webform 6.x \/ 7.x Cross Site Scripting  
date:2014-02-13,name:Drupal Image Resize Filter 6.x \/ 7.x Denial Of Service  
date:2014-02-13,name:Drupal Commons 7.x Cross Site Scripting  
date:2014-02-13,name:Drupal MAYO 7.x Cross Site Scripting  
date:2014-02-13,name:Drupal Chaos Tool Suite 6.x \/ 7.x Access Bypass  
date:2014-02-07,name:Drupal Push Notifications 7.x Information Disclosure  
date:2014-02-07,name:Drupal Modal Frame API 6.x Cross Site Scripting  
date:2014-02-06,name:Drupal 6 Modal Frame API Cross Site Scripting  
date:2014-01-30,name:Drupal Tribune 6.x \/ 7.x Cross Site Scripting  
date:2014-01-30,name:Drupal Services 7.x Access Bypass  
date:2014-01-27,name:Drupal Event calendar module Cross Site Scripting (XSS)  
date:2014-01-23,name:Drupal Leaflet 7.x Access Bypass  
date:2014-01-23,name:Drupal Secure Cookie Data 7.x Information Disclosure  
date:2014-01-23,name:Drupal Doubleclick For Publishers 7.x Cross Site Scripting  
date:2014-01-23,name:Drupal Language Switcher Dropdown 7.x Open Redirect  
date:2014-01-16,name:Drupal 6.x \/ 7.x Impersonation \/ Access Bypass \/ Hardening  
date:2014-01-16,name:Drupal Anonymous Posting 7.x Cross Site Scripting  
date:2014-01-09,name:Drupal Media 7.x Access Bypass  
date:2013-12-19,name:Drupal 7.x Ubercart Session Fixation Vulnerability  
date:2013-11-21,name:Drupal 6.x\/7.x core Multiple vulnerabilities  
date:2013-11-21,name:Drupal Invitation 7.x Access Bypass  
date:2013-11-21,name:Drupal Entity Reference 7.x Access Bypass  
date:2013-11-21,name:Drupal 6.x \/ 7.x PRNG \/ XSS \/ Open Redirect  
date:2013-11-21,name:Drupal EU Cookie Compliance 7.x CSRF  
date:2013-11-14,name:Drupal GCC 7.x Access Bypass  
date:2013-11-14,name:Drupal Misery 6.x \/ 7.x Denial Of Service  
date:2013-11-14,name:Drupal Revisioning 7.x Access Bypass  
date:2013-11-07,name:Drupal 7.x Payment for Webform Access Bypass  
date:2013-10-31,name:Drupal Monster Menus 7.x Access Bypass  
date:2013-10-31,name:Drupal Feed Element Mapper 6.x Cross Site Scripting  
date:2013-10-31,name:Drupal FileField Sources 6.x \/ 7.x Access Bypass  
date:2013-10-31,name:Drupal Quiz 6.x Access Bypass  
date:2013-10-17,name:Drupal Context Mulitple Vulnerabilities  
date:2013-10-17,name:Drupal Simplenews Cross Site Scripting  
date:2013-10-03,name:Drupal Quick Tabs 6.x \/ 7.x Access Bypass  
date:2013-10-01,name:Drupal Imagecache security vulnarability (DDOS attack) *youtube  
date:2013-09-19,name:Drupal Google Site Search 6.x \/ 7.x Cross Site Scripting  
date:2013-09-13,name:Drupal MediaFront 6.x \/ 7.x Cross Site Scripting  
date:2013-09-13,name:Drupal Click2Sell Suite 6.x XSS \/ CSRF  
date:2013-09-13,name:Drupal jQuery Countdown 7.x Cross Site Scripting  
date:2013-09-06,name:Drupal Make Meeting Scheduler 6.x Access Bypass  
date:2013-09-06,name:Drupal Core 6.x \/ 7.x Information Disclosure  
date:2013-08-29,name:Drupal Flag 7.x Cross Site Scripting  
date:2013-08-22,name:Drupal Zen 7.x Cross Site Scripting  
date:2013-08-15,name:Drupal 7.22 \/ 6.28 Cross Site Scripting  
date:2013-08-15,name:Drupal BOTCHA Spam Prevention 7.x Information Disclosure  
date:2013-08-15,name:Drupal Password Policy 6.x \/ 7.x Cross Site Scripting  
date:2013-08-15,name:Drupal Entity API 7.x Access Bypass  
date:2013-08-08,name:Drupal RESTful Web Services 7.x Access Bypass  
date:2013-08-08,name:Drupal Authenticated User Page Caching 7.x Information Disclosure  
date:2013-08-08,name:Drupal Mozilla Persona 7.x Cross Site Request Forgery  
date:2013-08-08,name:Drupal Organic Groups 7.x Access Bypass \/ Information Disclosure  
date:2013-08-08,name:Drupal Monster Menus 6.x \/ 7.x Access Bypass  
date:2013-07-26,name:Drupal Scald 6.x \/ 7.x Cross Site Scripting  
date:2013-07-19,name:Drupal MRBS 6.x \/ 7.x CSRF \/ SQL Injection  
date:2013-07-11,name:Drupal TinyBox 7.x Cross Site Scripting  
date:2013-07-11,name:Drupal Stage File Proxy 7.x Denial Of Service  
date:2013-07-11,name:Drupal Hatch 7.x Cross Site Scripting  
date:2013-06-29,name:Drupal 7.x Fonecta verify Cross Site Scripting  
date:2013-06-29,name:Drupal 7.x  Exposed Filter Data Cross Site Scripting  
date:2013-06-27,name:Drupal 7.x Apache Solr Autocomplete Cross Site Scripting  
date:2013-06-27,name:Drupal 7.x Fast Permissions Administration Access bypass  
date:2013-06-20,name:Drupal Login Security 6.x \/ 7.x DoS \/ Bypass  
date:2013-06-13,name:Drupal Display Suite 7.x Cross Site Scripting  
date:2013-06-06,name:Drupal Services 6.x \/ 7.x Cross Site Request Forgery  
date:2013-05-30,name:Drupal 7.x Node access user reference  
date:2013-05-30,name:Drupal 7.x Edit Limit access bypass  
date:2013-05-30,name:Drupal 6.x Webform XSS  
date:2013-05-18,name:CKEditor <4.1 Drupal 6.x & 7.x Persistent XSS  
date:2013-05-16,name:Drupal 6.x\/7.x Google Authenticator login Access Bypass  
date:2013-05-08,name:Drupal Htmlarea Modules (4.7.x-1.x) Arbitary File Upload Vulnerabilities  
date:2013-04-18,name:Drupal AWTNF 6.x \/ 7.x Access Bypass  
date:2013-04-18,name:Drupal MP3 Players 6.x Cross Site Scripting  
date:2013-04-18,name:Drupal elFinder File Mapper 6.x & 7.x CSRF  
date:2013-04-11,name:Drupal RESTful Web Services 7.x Denial Of Service  
date:2013-04-04,name:Drupal Commerce Skrill 7.x Access Bypass  
date:2013-04-04,name:Drupal Chaos Tool Suite 7.x Access Bypass  
date:2013-03-28,name:Drupal Common Groups 7.x Access Bypass & Privilege Escalation  
date:2013-03-28,name:Drupal Common Wikis 7.x Access Bypass & Privilege Escalation  
date:2013-03-28,name:Drupal Rules 7.x Cross Site Scripting  
date:2013-03-28,name:Drupal Zero Point 7.x Cross Site Scripting  
date:2013-03-21,name:Drupal Views 7.x Cross Site Scripting  
date:2013-03-14,name:Drupal Node Parameter Control 6.x Access Bypass  
date:2013-03-02,name:Drupal Premium Responsive 7.x Cross Site Scripting  
date:2013-02-28,name:Drupal Fresh Theme 7.x Cross Site Scripting  
date:2013-02-28,name:Drupal Clean 7.x Cross Site Scripting  
date:2013-02-28,name:Drupal Creative Theme 7.x Cross Site Scripting  
date:2013-02-28,name:Drupal Professional 7.x Cross Site Scripting  
date:2013-02-28,name:Drupal Best Responsive 7.x Cross Site Scripting  
date:2013-02-28,name:Drupal Company Theme 7.x Cross Site Scripting  
date:2013-02-14,name:Drupal Banckle Chat 7.x Access Bypass  
date:2013-02-14,name:Drupal Manager Change For Organic Groups 7.x Cross Site Scripting  
date:2013-01-31,name:Drupal Google Authenticator (third-party module)  
date:2013-01-31,name:Drupal 7.x Boxes Cross Site Scripting  
date:2013-01-31,name:Drupal Drush Debian Packaging Information Disclosure  
date:2013-01-31,name:Drupal 6.x email2image Access bypass  
date:2013-01-25,name:Drupal CurvyCorners Cross-site Scripting  
date:2013-01-24,name:Drupal Video 7.x PHP Code Execution  
date:2013-01-24,name:Drupal Search API Sorts 7.x Cross Site Scripting  
date:2013-01-24,name:Drupal User Relationships 6.x \/ 7.x Cross Site Scripting  
date:2013-01-24,name:Drupal CurvyCorners 6.x \/ 7.x Cross Site Scripting  
date:2013-01-24,name:Drupal Keyboard Shortcut Utility 7.x Access Bypass  
date:2013-01-17,name:Drupal Live CSS 6.x \/ 7.x PHP Code Execution  
date:2013-01-17,name:Drupal Core 6.x \/ 7.x Cross Site Scripting & Access Bypass  
date:2013-01-17,name:Drupal Mark Complete 7.x Cross Site Request Forgery  
date:2013-01-10,name:Drupal Payment 7.x Access Bypass  
date:2013-01-08,name:Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities  
date:2012-12-20,name:Drupal Core 6.x & 7.x Access Bypass & Code Execution  
date:2012-12-06,name:Drupal Nodeword D6 Meta Tags 6.x Information Disclosure  
date:2012-11-30,name:Drupal Email Field 6.x XSS & Access Bypass  
date:2012-11-25,name:TYPO3 CMS, TinyMCE, Liferay Portal, Drupal swfupload XSS  
date:2012-11-15,name:Drupal RESTful Web Services 7.x Cross Site Request Forgery  
date:2012-11-15,name:Drupal Smiley \/ Smileys 6.x Cross Site Scripting  
date:2012-11-15,name:Drupal User Read-Only 6.x \/ 7.x Access Bypass  
date:2012-11-08,name:Drupal OM Maximenu 6.x \/ 7.x Cross Site Scripting  
date:2012-11-08,name:Drupal Webform CiviCRM Integration 7.x Access Bypass  
date:2012-10-26,name:Drupal MailChimp 7.x Cross Site Scripting  
date:2012-10-11,name:Drupal Feeds 7.x Access Bypass  
date:2012-10-11,name:Drupal Mandrill 7.x Information Disclosure  
date:2012-10-11,name:Drupal ShareThis 7.x Cross Site Scripting  
date:2012-10-11,name:Drupal Basic Webmail 6.x XSS & Information Disclosure  
date:2012-10-04,name:Drupal Twitter Pull 6.x & 7.x Cross Site Scripting  
date:2012-10-04,name:Drupal Commerce Extra Panes 7.x Cross Site Request Forgery  
date:2012-09-27,name:Drupal Organic Groups 7.x Access Bypass  
date:2012-09-19,name:Drupal Heartbeat 6.x 7.x Cross Site Request Forgery  
date:2012-09-19,name:Drupal Exposed Filter Data 6.x Cross Site Scripting  
date:2012-09-18,name:Drupal Email Field 6.x \/ 7.x Access Bypass  
date:2012-09-18,name:Drupal Announcements 6.x Access Bypass  
date:2012-09-18,name:Drupal Activism 6.x Access Bypass  
date:2012-09-18,name:Drupal Taxonomy Image 6.x Cross Site Scripting \/ PHP Code Execution  
date:2012-09-18,name:Drupal Javascript Tool 7.x File Access  
date:2012-08-20,name:Drupal Elegant Theme 7.x Cross Site Scripting  
date:2012-08-20,name:Drupal Custom Publishing Options 6.x XSS  
date:2012-08-20,name:Drupal Hotblocks 6.x Cross Site Scripting  
date:2012-08-07,name:Drupal Excluded Users 6.x Cross Site Scripting  
date:2012-08-07,name:Drupal Monthly Archive by Node Type 6.x Access Bypass  
date:2012-07-31,name:Drupal Location 6.x \/ 7.x Access Bypass  
date:2012-07-31,name:Drupal Secure Login 7.x Open Redirect  
date:2012-07-31,name:Drupal Gallery Formatter 7.x Cross Site Scripting  
date:2012-07-31,name:Drupal Subuser 6.x Bypass \/ CSRF  
date:2012-07-24,name:Drupal Campaign Monitor 6.x Cross Site Scripting  
date:2012-07-16,name:Drupal Book Block 6.x-1.0-beta1 Cross Site Scripting  
date:2012-07-16,name:Drupal Book Block Module V.6.x-1.0-beta1 XSS Vulnerability  
date:2012-06-26,name:Drupal Drag And Drop 6.x-1.5 Shell Upload  
date:2012-06-25,name:Drupal 7.x-1.3 Privatemsg Cross Site Scripting  
date:2012-06-17,name:Drupal Ubercart AJAX Cart 6.x Information Disclosure  
date:2012-06-15,name:Drupal SimpleMeta 6.x Cross Site Request Forgery  
date:2012-06-15,name:Drupal Janrain Capture 6.x \/ 7.x Open Redirect  
date:2012-06-15,name:Drupal Node Hierarchy 6.x Cross Site Request Forgery  
date:2012-06-15,name:Drupal Global Redirect 6.x \/ 7.x Open Redirect  
date:2012-06-15,name:Drupal Protected Node 6.x Access Bypass  
date:2012-06-08,name:Drupal Tokenauth 6.x Access Bypass  
date:2012-06-08,name:Drupal Maestro 7.x Cross Site Scripting \/ Cross Site Request Forgery  
date:2012-06-08,name:Drupal Protest 6.x \/ 7.x Cross Site Scripting  
date:2012-06-08,name:Drupal Authoring HTML 6.x Cross Site Scripting  
date:2012-06-08,name:Drupal Node Embed 6.x \/ 7.x Access Bypass  
date:2012-06-08,name:Drupal Organic Groups 6.x Cross Site Scripting \/ Access Bypass  
date:2012-06-08,name:Drupal Simplenews 6.x \/ 7.x Information Disclosure  
date:2012-06-04,name:Drupal Counter 6.x SQL Injection  
date:2012-06-04,name:Drupal Mobile Tools 6.x Cross Site Scripting  
date:2012-06-04,name:Drupal Comment Moderation 6.x Cross Site Request Forgery  
date:2012-06-04,name:Drupal Amadou 6.x Cross Site Scripting  
date:2012-05-28,name:Drupal Taxonomy List 6.x Cross Site Scripting  
date:2012-05-28,name:Drupal BrowserID 7.x Cross Site Request Forgery  
date:2012-05-28,name:Drupal Search API 7.x Cross Site Scripting  
date:2012-05-20,name:Drupal Hostmaster 6.x Cross Site Scripting \/ Access Bypass  
date:2012-05-20,name:Drupal Aberdeen 6.x Cross Site Scripting  
date:2012-05-19,name:Drupal Post Affiliate Pro 6.x Cross Site Scripting \/ Access Bypass  
date:2012-05-19,name:Drupal Advertisement 6.x Cross Site Scripting  
date:2012-05-19,name:Drupal Ubercart Product Keys 6.x Access Bypass  
date:2012-05-19,name:Drupal Smart Breadcrumb 6.x Cross Site Scripting  
date:2012-05-13,name:Drupal Take Control 6.x Cross Site Request Forgery  
date:2012-05-13,name:Drupal Glossary 6.x Cross Site Scripting  
date:2012-05-12,name:Drupal Core 7.x Multiple Vulnerabilities  
date:2012-05-04,name:Drupal Glossify Internal Links Auto SEO 6.x Cross Site Scripting  
date:2012-05-04,name:Drupal Node Gallery 6.x Cross Site Request Forgery  
date:2012-05-04,name:Drupal Taxonomy Grid 6.x Cross Site Scripting  
date:2012-05-04,name:Drupal cctags 6.x \/ 7.x Cross Site Scripting  
date:2012-04-28,name:Drupal Site Documentation 6.x Information Disclosure  
date:2012-04-28,name:Drupal Ubercart 6.x \/ 7.x XSS \/ PHP Code Execution  
date:2012-04-28,name:Drupal RealName 6.x Cross Site Scripting  
date:2012-04-28,name:Drupal Creative Commons 6.x Cross Site Scripting  
date:2012-04-28,name:Drupal Linkit 7.x Access Bypass  
date:2012-04-28,name:Drupal Spaces 6.x Access Bypass  
date:2012-04-01,name:Drupal Activity 6.x XSS Proof Of Concept  
date:2012-03-26,name:Drupal FCKEditor\/CKEditor remote code execution  
date:2012-03-19,name:Drupal 7.x Search Module Full Path Disclosure  
date:2012-01-22,name:Drupal CKEditor 3.6.2 Cross Site Scripting  
date:2012-01-10,name:VBDrupal Cross Site Scripting  
date:2011-12-24,name:Drupal 6.22 \/ SuperCron 6.x-1.3 Cross Site Scripting  
date:2011-11-21,name:Drupal String Overrides Cross Site Scripting  
date:2011-07-03,name:Drupal 6.22 Cross Site Scripting  
date:2011-06-02,name:Drupal With Webform Cross Site Scripting  
date:2011-01-22,name:Drupal 5.x, 6.x  <= Stored Cross Site Scripting Vulnerability  
date:2010-07-19,name:Drupal 6.16 with OG Menu 6.x-2.0 cross site scripting  
date:2010-05-21,name:Drupal 6.16 with Context 6.x-2.0-rc3 XSS  
date:2010-05-20,name:The Drupal Storm module 1.32 cross site scripting  
date:2010-04-30,name:Drupal 6.16 with Better Formats 6.x-1.2 cross site scripting  
date:2010-02-20,name:Drupal 6.15 with Twitter module version 6.x-2.6 clear text credential storage  
date:2010-02-06,name:Drupal's MP3 Player module 6.x-1.0-beta1 cross site scripting  
date:2010-01-23,name:Drupal Node Blocks contributed module (6.x-1.3 and 5.x-1.1) XSS  
date:2009-12-19,name:Drupal 6.14 Sections 6.x-1.2 multiple cross site scripting  
date:2009-06-12,name:Drupal Taxonomy Manager Module XSS Vulnerability  
date:2009-06-12,name:Drupal 6 Views Module XSS Vulnerability  
date:2009-06-12,name:Drupal Nodequeue Module XSS Vulnerability  
date:2009-06-11,name:Drupal Flag Module Multiple Vulnerabilities  
date:2009-06-04,name:Drupal Embedded Media Field Module Multiple XSS  
date:2009-06-03,name:Drupal 6 Content Access Module XSS  
date:2009-05-20,name:Drupal 6 CCK Module XSS Vulnerability  
date:2009-05-13,name:Drupal 5.17 Taxonomy Module XSS Vulnerability  
date:2009-03-03,name:Drupal Protected Node Module XSS Vulnerability  
date:2009-02-16,name:LFI in Drupal CMS  
date:2009-02-09,name:Drupal Link Module XSS Vulnerability  
date:2008-09-27,name:Drupal Brilliant Gallery module SQL injection vulnerability  
date:2008-09-27,name:Drupal Ajax Checklist Module SQL Injection Vulnerability  
date:2008-09-21,name:drupal: Session hijacking vulnerability  
date:2008-09-21,name:Drupal Link to Us Module Contains XSS Vulnerability  
date:2007-01-19,name:Drupal 4.6.11 \/ 4.7.5 fixes DoS issue  
date:2006-10-26,name:Drupal 4.6.10 \/ 4.7.4 fixes multiple XSS issues  
date:2006-10-26,name:Drupal 4.6.10 \/ 4.7.4 fixes HTML attribute injection issue  
date:2006-10-26,name:Drupal 4.6.10 \/ 4.7.4 fixes CRF issue  
date:2006-06-08,name:Drupal 4.6.8 \/ 4.7.2 fixes XSS issue  
date:2006-06-08,name:Drupal 4.6.8 \/ 4.7.2 fixes arbitrary file execution issue  
date:2006-03-23,name:Drupal 4.6.6 \/ 4.5.8 fixes XSS issue  
date:2006-03-23,name:Drupal 4.6.6 \/ 4.5.8 fixes session fixation issue  
date:2006-03-23,name:Drupal 4.6.6 \/ 4.5.8 fixes mail header injection issue  
date:2006-03-23,name:Drupal 4.6.6 \/ 4.5.8 fixes access control issue  
date:2005-12-12,name:Drupal 4.6.4 \/ 4.5.6 fixes XSS and HTTP header injection issue  

zhutougg

继续阅读此作者的更多文章