466 matches found
[SECURITY] Fedora 34 Update: drupal7-7.82-1.fc34
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
DLA-2721-1 drupal7 - security update
Bulletin has no description...
Drupal 7.x < 7.80 Cross-Site Scripting
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.80, 8.9.x prior to 8.9.14, 9.0.x prior to 9.0.12 or 9.1.x prior to 9.1.7. It is, therefore, affected by a Cross-Site Scripting XSS vulnerability due to Drupal core's sanitization AP...
DLA-2530-1 drupal7 - security update
Bulletin has no description...
CVE-2017-20001
The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy...
Drupal 7.x < 7.75 Remote Code Execution
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.75, 8.8.x prior to 8.8.12, 8.9.x prior to 8.9.10 or 9.0.x prior to 9.0.9. It is, therefore, affected by a remote code execution due to the PEAR ArchiveTar library used by Drupal. No...
DLA-2466-1 drupal7 - security update
Bulletin has no description...
Drupal 7.x, 8.x, 9.x RCE Vulnerability (SA-CORE-2020-012) - Linux
Drupal is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...
Debian: Security Advisory (DLA-2458-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Drupal 7.x < 7.74 Remote Code Execution
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.74, 8.8.x prior to 8.8.11, 8.9.x prior to 8.9.9 or 9.0.x prior to 9.0.8. It is, therefore, affected by a remote code execution due to filenames on uploaded files not properly...
DLA-2263-1 drupal7 - security update
Bulletin has no description...
DLA-2250-1 drupal7 - security update
Bulletin has no description...
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are ... security issues in jQuery’s DOM manipulation methods, as in .html, .append, and the others. Security advisories for...
Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003
Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. The vulnerability is caused by insufficient validation of the destination query parameter in the drupalgoto function...
enfocus.com Cross Site Request Forgery vulnerability
Open Bug Bounty ID: OBB-1138841 Security Researcher Manojkhd Helped patch 44 vulnerabilities Received 3 Coordinated Disclosure badges , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting enfocus.com website and its users. Following coordinate...
CVE-2014-8338
Cross-site scripting XSS vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...
CVE-2014-8338
CVE-2014-8338 – details available Affected software: VideoWhisper Webcam plugins for Drupal 7.x, specifically the file vwrooms/js/jsor-jcarousel/examples/special_textscroller.php. Vulnerability: Cross-site Scripting (XSS) via a crafted SVG file supplied in the feed parameter. The vulnerability or...
CVE-2014-8338
Cross-site scripting XSS vulnerability in vwrooms/js/jsor-jcarousel/examples/specialtextscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter...
Fedora Update for drupal7-webform FEDORA-2019-88d9c30b7d
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...