
69 matches found

seebug.org
added 2007/02/15 12:0 a.m. | 22 views

Drupal < 5.1 (post comments) Remote Command Execution Exploit v2

No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ milw0rmdrupalv5.pl - Drupal 5.1 Remote Command Execution Exploit Copyright c 2007 str0ke str0ke!milw0rm.com Description ----------- Previews on comments were not passed through normal...

7.1 AI score
Exploits: 0
0day.today
added 2007/02/15 12:0 a.m. | 32 views

Drupal < 4.7.6 (post comments) Remote Command Execution Exploit v2

Exploit for unknown platform in category web applications ================================================================== Drupal new; $conn - proxy"http", "http://".$proxy."/" unless !$proxy; sub usage print "? Drupal \n"; print "? usage: perl $0 host direct...

7.1 AI score
Exploits: 0
0day.today
added 2007/02/15 12:0 a.m. | 39 views

Drupal < 5.1 (post comments) Remote Command Execution Exploit v2

Exploit for unknown platform in category web applications ================================================================ Drupal new; $conn - proxy"http", "http://".$proxy."/" unless !$proxy; sub usage print "? Drupal \n"; print "? usage: perl $0 host directory proxy\n"...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2007/02/01 12:0 a.m. | 33 views

Drupal Comment Module comment_form_add_preview() Function Arbitrary Code Execution

The version of Drupal running on the remote host fails to properly validate previews on comments, and allows access to more than one input filter, which is not enabled by default. An attacker can exploit this issue by previewing a comment to have it interpreted as PHP code, resulting in arbitrary...

6.5 CVSS | 6.5 AI score | 0.04969 EPSS
Exploits: 0 | References: 2
Prion
added 2007/01/31 6:28 p.m. | 28 views

Input validation

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form...

6.5 CVSS | 7.8 AI score | 0.04969 EPSS
Exploits: 0 | References: 10 | Affected Software: 1
NVD
added 2007/01/31 6:28 p.m. | 20 views

CVE-2007-0626

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form...

6.5 CVSS | 7.5 AI score | 0.04969 EPSS
Exploits: 0 | References: 10
Drupal
added 2007/01/29 12:0 a.m. | 14 views

DRUPAL-SA-2007-005 - Drupal core - Arbitrary code execution

Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. By default, anonymous and authenticated users have access to only one input format. Immediate...

7.9 AI score
Exploits: 0 | References: 5
Cvelist
added 2007/01/03 2:0 a.m. | 15 views

CVE-2006-6844

Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form...

5.7 AI score | 0.01535 EPSS
Exploits: 1 | References: 5
NVD
added 2006/12/31 5:0 a.m. | 12 views

CVE-2006-6844

Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form...

6.8 CVSS | 5.7 AI score | 0.01535 EPSS
Exploits: 1 | References: 5