Lucene search
+L

466 matches found

fedora
fedora
added 2021/09/19 4:48 a.m.52 views

[SECURITY] Fedora 34 Update: drupal7-7.82-1.fc34

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

7.8CVSS2AI score0.84554EPSS
Exploits5
osv
osv
added 2021/07/26 12:0 a.m.25 views

DLA-2721-1 drupal7 - security update

Bulletin has no description...

7.1CVSS6.9AI score0.73377EPSS
Exploits0
nessus
nessus
added 2021/04/22 12:0 a.m.14 views

Drupal 7.x < 7.80 Cross-Site Scripting

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.80, 8.9.x prior to 8.9.14, 9.0.x prior to 9.0.12 or 9.1.x prior to 9.1.7. It is, therefore, affected by a Cross-Site Scripting XSS vulnerability due to Drupal core's sanitization AP...

6.2AI score
Exploits0References2
osv
osv
added 2021/01/21 12:0 a.m.28 views

DLA-2530-1 drupal7 - security update

Bulletin has no description...

7.5CVSS7.5AI score0.70595EPSS
Exploits0
cvelist
cvelist
added 2020/12/31 11:27 p.m.23 views

CVE-2017-20001

The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy...

7.7AI score0.00414EPSS
Exploits0References1
nessus
nessus
added 2020/11/30 12:0 a.m.34 views

Drupal 7.x < 7.75 Remote Code Execution

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.75, 8.8.x prior to 8.8.12, 8.9.x prior to 8.9.10 or 9.0.x prior to 9.0.9. It is, therefore, affected by a remote code execution due to the PEAR ArchiveTar library used by Drupal. No...

7.8CVSS10AI score0.84554EPSS
Exploits5References4
osv
osv
added 2020/11/26 12:0 a.m.31 views

DLA-2466-1 drupal7 - security update

Bulletin has no description...

7.8CVSS7.9AI score0.84554EPSS
Exploits5
openvas
openvas
added 2020/11/20 12:0 a.m.31 views

Drupal 7.x, 8.x, 9.x RCE Vulnerability (SA-CORE-2020-012) - Linux

Drupal is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

8.8CVSS9AI score0.04304EPSS
Exploits0References3
openvas
openvas
added 2020/11/20 12:0 a.m.38 views

Debian: Security Advisory (DLA-2458-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.6AI score0.04304EPSS
Exploits0References8
nessus
nessus
added 2020/11/19 12:0 a.m.13 views

Drupal 7.x < 7.74 Remote Code Execution

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.74, 8.8.x prior to 8.8.11, 8.9.x prior to 8.9.9 or 9.0.x prior to 9.0.8. It is, therefore, affected by a remote code execution due to filenames on uploaded files not properly...

8.8CVSS9.7AI score0.04304EPSS
Exploits0References3
osv
osv
added 2020/06/29 12:0 a.m.26 views

DLA-2263-1 drupal7 - security update

Bulletin has no description...

8.8CVSS8.6AI score0.00695EPSS
Exploits0
osv
osv
added 2020/06/18 12:0 a.m.18 views

DLA-2250-1 drupal7 - security update

Bulletin has no description...

6.1CVSS6.3AI score0.00864EPSS
Exploits0
drupal
drupal
added 2020/05/20 12:0 a.m.123 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are ... security issues in jQuery’s DOM manipulation methods, as in .html, .append, and the others. Security advisories for...

6.9CVSS0.2AI score0.99019EPSS
Exploits11References24
drupal
drupal
added 2020/05/20 12:0 a.m.42 views

Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003

Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupalgoto function...

6.1CVSS4.4AI score0.00864EPSS
Exploits0References6
openbugbounty
openbugbounty
added 2020/04/11 10:8 a.m.6 views

enfocus.com Cross Site Request Forgery vulnerability

Open Bug Bounty ID: OBB-1138841 Security Researcher Manojkhd Helped patch 44 vulnerabilities Received 3 Coordinated Disclosure badges , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting enfocus.com website and its users. Following coordinate...

0.2AI score
Exploits0
nvd
nvd
added 2020/01/31 10:15 p.m.19 views

CVE-2014-8338

Cross-site scripting XSS vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...

6.1CVSS6AI score0.01276EPSS
Exploits2References2
prion
prion
added 2020/01/31 10:15 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...

4.3CVSS6.1AI score0.01276EPSS
Exploits2References2Affected Software1
cve
cve
added 2020/01/31 9:49 p.m.191 views

CVE-2014-8338

CVE-2014-8338 – details available Affected software: VideoWhisper Webcam plugins for Drupal 7.x, specifically the file vwrooms/js/jsor-jcarousel/examples/special_textscroller.php. Vulnerability: Cross-site Scripting (XSS) via a crafted SVG file supplied in the feed parameter. The vulnerability or...

6.1CVSS6AI score0.01276EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2020/01/31 9:49 p.m.23 views

CVE-2014-8338

Cross-site scripting XSS vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...

6AI score0.01276EPSS
Exploits2References2
openvas
openvas
added 2020/01/09 12:0 a.m.10 views

Fedora Update for drupal7-webform FEDORA-2019-88d9c30b7d

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Rows per page
Query Builder