Lucene search
+L

466 matches found

Cvelist
Cvelist
added 2019/03/26 6:4 p.m.29 views

CVE-2019-6341 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...

5.4AI score0.12408EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/03/21 12:0 a.m.18 views

Drupal 7.x < 7.65 Cross-Site Scripting

According to its self-reported version number, the detected Drupal application is affected by a cross-site scripting XSS vulnerability in File module/subsystem due to improper sanitization of data in uploaded files. Note that the scanner has not tested for these issues but has instead relied only...

5.4CVSS5.6AI score0.12408EPSS
Exploits0References3
Drupal
Drupal
added 2019/03/13 12:0 a.m.15 views

Views (for Drupal 7) - Less critical - Cross site scripting - SA-CONTRIB-2019-036

This module enables you to create customized lists of data. The module doesn't sufficiently sanitize certain field types, leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that a view must display a field with the format "Full data serialized" and an...

6AI score
Exploits0References12
Drupal
Drupal
added 2019/03/13 12:0 a.m.16 views

Views (for Drupal 7) - Moderately critical - Information disclosure - SA-CONTRIB-2019-035

This module enables you to create customized lists of data. The module doesn't sufficiently build queries when used with exposed filters, leading to a possible information disclosure vulnerability in certain rare circumstances. This vulnerability is mitigated by the fact that a view must have an...

6.2AI score
Exploits0References14
Drupal
Drupal
added 2019/03/13 12:0 a.m.16 views

Views (for Drupal 7) - Moderately critical - Information Disclosure - SA-CONTRIB-2019-034

This module enables you to create customized lists of data. The module doesn't sufficiently protect against argument definitions failing. This vulnerability is mitigated by the fact that a view must have custom PHP code used as a field validator...

7AI score
Exploits0References11
OSV
OSV
added 2019/02/02 12:0 a.m.30 views

DLA-1659-1 drupal7 - security update

Bulletin has no description...

9.8CVSS9.3AI score0.33228EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/01/31 12:0 a.m.15 views

Drupal 7.x < 7.62 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in third-party PEAR ArchiveTar library. - A flaw exists in PHP's built-in phar stream wrapper that could lead to a remote code execution when performing file...

9.8CVSS10AI score0.33228EPSS
Exploits0References5
OSV
OSV
added 2019/01/17 12:0 a.m.27 views

DSA-4370-1 drupal7 - security update

Bulletin has no description...

9.8CVSS8.6AI score0.33228EPSS
Exploits0
Drupal
Drupal
added 2019/01/09 12:0 a.m.16 views

Phone Field - Critical - SQL Injection - SA-CONTRIB-2019-001

This module provides a phone field for Drupal 7 that supports the HTML5 tel:-schema. In an API function that is not used by the module, the name for the phone field is not sufficiently sanitised when using it in database queries. This vulnerability is mitigated by the fact that it affects an unus...

6.7AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.37 views

Drupal 7.x < 7.56 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in the PECL YAML parser due to unsafe handling of PHP objects during certain operations. An unauthenticated, remote attacker can exploit this to execute arbitra...

9.8CVSS7.5AI score0.20482EPSS
Exploits7References5
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.170 views

Drupal 7.x < 7.58 Remote Code Execution Vulnerability

According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

9.8CVSS8.2AI score0.99993EPSS
Exploits46References3
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.82 views

Drupal 7.x < 7.59 Remote Code Execution Vulnerability

According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

9.8CVSS8.2AI score0.99236EPSS
Exploits14References3
Tenable Nessus
Tenable Nessus
added 2018/10/31 12:0 a.m.19 views

Drupal 7.x < 7.60 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in content moderation that could lead to an access bypass. - A flaw exists in path module that could allow users with the administer paths to enter a particular...

7.7AI score
Exploits0References2
Drupal
Drupal
added 2018/10/17 12:0 a.m.565 views

Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006

Content moderation - Moderately critical - Access bypass - Drupal 8 In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass. In order to fix this issue, the following changes have been made to content moderation which may have...

8.4AI score
Exploits0References31
Dsquare
Dsquare
added 2018/05/08 12:0 a.m.669 views

Drupal 7 SA-CORE-2018-002 RCE

Remote command execution vulnerability in Drupal core/lib/Drupal/Core/DrupalKernel.php Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

7.5CVSS0.7AI score0.99993EPSS
Exploits46
Dsquare
Dsquare
added 2018/05/08 12:0 a.m.561 views

Drupal 7 SA-CORE-2018-004 RCE

Remote command execution vulnerability in Drupal Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

7.5CVSS0.7AI score0.99236EPSS
Exploits14
Packet Storm
Packet Storm
added 2018/04/30 12:0 a.m.87 views

Drupalgeddon3 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution vulnerability exists within multiple subsystems of...

9.9AI score0.99236EPSS
Exploits14
ArchLinux
ArchLinux
added 2018/04/27 12:0 a.m.34 views

[ASA-201804-10] drupal: arbitrary command execution

Arch Linux Security Advisory ASA-201804-10 ========================================== Severity: Critical Date : 2018-04-27 CVE-ID : CVE-2018-7602 Package : drupal Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-679 Summary ======= The package drupal befor...

9.8CVSS3.3AI score0.99236EPSS
Exploits14References4
OSV
OSV
added 2018/04/26 12:0 a.m.39 views

DLA-1365-1 drupal7 - security update

Bulletin has no description...

9.8CVSS9.7AI score0.99236EPSS
Exploits14
Packet Storm
Packet Storm
added 2018/04/26 12:0 a.m.124 views

Drupal drupgeddon3 Remote Code Execution

This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602. You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms that is in 2-step form then confirm. POST...

0.1AI score0.99236EPSS
Exploits14
Rows per page
Query Builder