466 matches found
CVE-2019-6341 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...
Drupal 7.x < 7.65 Cross-Site Scripting
According to its self-reported version number, the detected Drupal application is affected by a cross-site scripting XSS vulnerability in File module/subsystem due to improper sanitization of data in uploaded files. Note that the scanner has not tested for these issues but has instead relied only...
Views (for Drupal 7) - Less critical - Cross site scripting - SA-CONTRIB-2019-036
This module enables you to create customized lists of data. The module doesn't sufficiently sanitize certain field types, leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that a view must display a field with the format "Full data serialized" and an...
Views (for Drupal 7) - Moderately critical - Information disclosure - SA-CONTRIB-2019-035
This module enables you to create customized lists of data. The module doesn't sufficiently build queries when used with exposed filters, leading to a possible information disclosure vulnerability in certain rare circumstances. This vulnerability is mitigated by the fact that a view must have an...
Views (for Drupal 7) - Moderately critical - Information Disclosure - SA-CONTRIB-2019-034
This module enables you to create customized lists of data. The module doesn't sufficiently protect against argument definitions failing. This vulnerability is mitigated by the fact that a view must have custom PHP code used as a field validator...
DLA-1659-1 drupal7 - security update
Bulletin has no description...
Drupal 7.x < 7.62 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in third-party PEAR ArchiveTar library. - A flaw exists in PHP's built-in phar stream wrapper that could lead to a remote code execution when performing file...
DSA-4370-1 drupal7 - security update
Bulletin has no description...
Phone Field - Critical - SQL Injection - SA-CONTRIB-2019-001
This module provides a phone field for Drupal 7 that supports the HTML5 tel:-schema. In an API function that is not used by the module, the name for the phone field is not sufficiently sanitised when using it in database queries. This vulnerability is mitigated by the fact that it affects an unus...
Drupal 7.x < 7.56 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in the PECL YAML parser due to unsafe handling of PHP objects during certain operations. An unauthenticated, remote attacker can exploit this to execute arbitra...
Drupal 7.x < 7.58 Remote Code Execution Vulnerability
According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Drupal 7.x < 7.59 Remote Code Execution Vulnerability
According to its self-reported version number, the detected Drupal application is affected by a remote code execution vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Drupal 7.x < 7.60 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in content moderation that could lead to an access bypass. - A flaw exists in path module that could allow users with the administer paths to enter a particular...
Drupal Core - Multiple Vulnerabilities - SA-CORE-2018-006
Content moderation - Moderately critical - Access bypass - Drupal 8 In some conditions, content moderation fails to check a users access to use certain transitions, leading to an access bypass. In order to fix this issue, the following changes have been made to content moderation which may have...
Drupal 7 SA-CORE-2018-002 RCE
Remote command execution vulnerability in Drupal core/lib/Drupal/Core/DrupalKernel.php Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Drupal 7 SA-CORE-2018-004 RCE
Remote command execution vulnerability in Drupal Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Drupalgeddon3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution vulnerability exists within multiple subsystems of...
[ASA-201804-10] drupal: arbitrary command execution
Arch Linux Security Advisory ASA-201804-10 ========================================== Severity: Critical Date : 2018-04-27 CVE-ID : CVE-2018-7602 Package : drupal Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-679 Summary ======= The package drupal befor...
DLA-1365-1 drupal7 - security update
Bulletin has no description...
Drupal drupgeddon3 Remote Code Execution
This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602. You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms that is in 2-step form then confirm. POST...