Drupal 9.4.x < 9.4.3 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...
Drupal 7.x < 7.91 / 9.3.x < 9.3.19 / 9.4.x < 9.4.3 Multiple Vulnerabilities (drupal-2022-07-20)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19, or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities. - The Media oEmbed iframe route does not properly validate the iframe domai...
Drupal Security Vulnerability
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal versions prior to 7.91, prior to 9.3.19, and prior to 9.4.3, which stems from the image module not properly checking for image files that are not stored in the...
Drupal 9.3.x < 9.3.19 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...
DRUPAL-CORE-2022-012
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...
Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...
Moodle Unrestricted file upload vulnerability
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors...
GHSA-58FM-V4PR-JH8P Moodle Unrestricted file upload vulnerability
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors...
[SECURITY] [DLA 1803-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u3 CVE ID : CVE-2019-11034 CVE-2019-11035 CVE-2019-11036 A read past allocated buffer vulnerability and two heap-buffer overflow vulnerabilities were discovered in the PHP5 programming language within the Exif image module. For Debian 8 "Jessie", these...
Moodle Arbitrary File Upload Vulnerability (CNVD-2016-10744)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. An arbitrary file upload vulnerability exists in the dual extension support in the ima...
UBUNTU-CVE-2016-9187
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors...
CVE-2016-9187
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors...
CVE-2016-9187
CVE-2016-9187: Unrestricted file upload in Moodle 3.1.2 image module due to double-extension handling allows remote authenticated users to execute arbitrary code by uploading an executable and accessing it via an unspecified vector. Connected documents corroborate the vulnerability and indicate a...
Drupal 7.x < 7.19 Multiple Vulnerabilities
PYSEC-2014-22
The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users...
CVE-2013-6387
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field...
UBUNTU-CVE-2013-6387
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field...
CVE-2013-6387
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field...
CVE-2013-6387
Removed by vendor...