Lucene search
+L

182 matches found

Hacker One
Hacker One
added 2020/12/21 7:51 a.m.784 views

U.S. Dept Of Defense: [CVE-2018-7600] Remote Code Execution due to outdated Drupal server on www.█████████

Summary Due to an outdated Drupal version, remote code execution is possible on www.█████ via CVE-2018-7600. Description Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple...

7.5CVSS1.4AI score0.99993EPSS
Exploits46
Check Point Advisories
Check Point Advisories
added 2020/11/05 12:0 a.m.27 views

Drupal Core Form Rendering Remote Code Execution (CVE-2018-7600)

A code execution vulnerability exists in Drupal Core. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.4AI score0.99993EPSS
Exploits46
GithubExploit
GithubExploit
added 2020/04/12 7:37 a.m.7 views

Exploit for Improper Input Validation in Drupal

CVE-2018-7600-Drupal7 CVE-2018-7600【Drupal7】Batch scanning t...

9.8CVSS7.1AI score0.99993EPSS
Exploits46
GithubExploit
GithubExploit
added 2020/04/07 6:54 a.m.7 views

Exploit for Improper Input Validation in Drupal

It is an exploit module/toolkit targeting Drupal, specifically e...

9.8CVSS9.2AI score0.99993EPSS
Exploits46
CVE
CVE
added 2020/03/12 10:25 p.m.82 views

CVE-2020-7600

The CVE-2020-7600 entry concerns the Node.js package querymen, where versions prior to 2.1.4 are vulnerable to Prototype Pollution. The vulnerability arises from the ability to control the parameters of the exported function handler(type, name, fn) without proper sanitization, enabling an attacke...

5.3CVSS5.4AI score0.01127EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2019/08/12 12:0 a.m.105 views

Cisco Adaptive Security Appliance - Path Traversal Exploit

Exploit for hardware platform in category web applications require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an...

5CVSS0.3AI score0.99903EPSS
Exploits18
Microsoft KB
Microsoft KB
added 2019/05/23 12:0 a.m.8 views

May 23, 2019—KB4499182 (Preview of Monthly Rollup)

None None...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.104 views

Fedora 28 : drupal8 (2018-906ba26b4d) (Drupalgeddon 2)

8.4.6 - SA-CORE-2018-002 CVE-2018-7600 - 8.4.5 - SA-CORE-2018-001 CVE-2017-6926 / CVE-2017-6927 / CVE-2017-6930 / CVE-2017-6931 - 8.4.4 - 8.4.3 - 8.4.2 - 8.4.1 - 8.4.0 - 8.4.0-rc2 - 8.4.0-rc1 - 8.4.0-beta1 - 8.4.0-alpha1 Note that Tenable Network Security has extracted the preceding description...

9.8CVSS7.4AI score0.99993EPSS
Exploits47References6
GithubExploit
GithubExploit
added 2018/10/23 9:47 p.m.19 views

Exploit for Improper Input Validation in Drupal

POC of CVE-2018-7600 Drupal RCE CVE-2018-7600 Dont Forge...

9.8CVSS8.8AI score0.99993EPSS
Exploits46
ThreatPost
ThreatPost
added 2018/10/20 5:9 p.m.751 views

Critical RCE Bugs Patched in Drupal 7 and 8

Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting Drupal 7 and Drupal 8. Developers have also identified three additional “moderately critical” vulnerabilities. “A remote attacker could exploit some of these vulnerabilities to tak...

7.5CVSS0.9AI score0.99993EPSS
Exploits46References5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:9 a.m.57 views

Security Bulletin: API Connect Developer Portal is affected by Drupal vulnerability (CVE-2018-7600)

Summary IBM API Connect has addressed the following vulnerabilities. API Connect Developer Portal is impacted by Drupal vulnerability: Drupal could allow a remote attacker to execute arbitrary code on the system, caused by an error within multiple subsystems. An attacker could exploit this...

9.8CVSS7.9AI score0.99993EPSS
Exploits46Affected Software1
ThreatPost
ThreatPost
added 2018/06/05 6:24 p.m.69 views

Drupalgeddon 2.0 Still Haunting 115K+ Sites

More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago. When it was first revealed, the bug, which has been dubbed Drupalgeddon 2.0, impacted an estimated 1+ million sites running Drupal – including major U.S. educational...

7.5CVSS0.99993EPSS
Exploits46References11
Tenable Nessus
Tenable Nessus
added 2018/05/31 12:0 a.m.37 views

SUSE SLES11 Security Update : tiff (SUSE-SU-2018:1472-1)

This update for tiff fixes the following issues: Security issues fixed : - CVE-2016-5315: The setByteArray function in tifdir.c allowed remote attackers to cause a denial of service out-of-bounds read via a crafted tiff image. bsc984809 - CVE-2016-10267: LibTIFF allowed remote attackers to cause ...

8.8CVSS7AI score0.04615EPSS
Exploits8References45
OpenVAS
OpenVAS
added 2018/05/12 12:0 a.m.39 views

Fedora Update for drupal8 FEDORA-2018-1ba93b3144

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.99993EPSS
Exploits59References4
OpenVAS
OpenVAS
added 2018/05/12 12:0 a.m.44 views

Fedora Update for drupal7 FEDORA-2018-b9ad458866

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.99993EPSS
Exploits58References4
OpenVAS
OpenVAS
added 2018/05/12 12:0 a.m.55 views

Fedora Update for drupal7 FEDORA-2018-2359c2ae0e

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.3AI score0.99993EPSS
Exploits58References4
ThreatPost
ThreatPost
added 2018/05/03 4:57 p.m.87 views

Kitty Cryptomining Malware Cashes in on Drupalgeddon 2.0

Yet another bad actor has taken advantage of Drupal sites still vulnerable to “Drupalgeddon 2.0,” this time to mine cryptocurrency. The bad script, dubbed the “Kitty” cryptomining malware, takes advantage of the known critical remote-code execution vulnerability in Drupal CVE-2018-7600 to target...

7.5CVSS9.9AI score0.99993EPSS
Exploits46References8
Veracode
Veracode
added 2018/04/26 10:18 a.m.42 views

Remote Code Execution (RCE)

drupal is vulnerable to remote code execution RCE attacks. The library does not properly sanitize URL endpoints where array objects can be supplied to request parameters, allowing a potential compromise of the PHP application, and even the underlying operating system OS. This vulnerability is...

9.8CVSS9.7AI score0.99993EPSS
Exploits58References8Affected Software2
Packet Storm
Packet Storm
added 2018/04/26 12:0 a.m.202 views

Drupal Drupalgeddon 2 Forms API Property Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal Drupalgeddon 2 Forms API Property Injection', 'Description' = %q This module exploits a Drupal property injection in the Forms API. Drupal...

7.5CVSS0.3AI score0.99993EPSS
Exploits46
Saint
Saint
added 2018/04/25 12:0 a.m.643 views

Drupal Form API command execution

Added: 04/25/2018 CVE: CVE-2018-7600 BID: 103534 Background Drupal is an open-source content management system written in PHP. Problem Insufficient sanitization on Form API AJAX requests could allow a remote attacker to execute arbitrary commands. Resolution Upgrade to Drupal 7.58, 8.3.9, 8.4.6,...

9.8CVSS10AI score0.99993EPSS
Exploits46
Rows per page
Query Builder