187 matches found
CVE-2003-1002
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set...
CVE-2003-1001
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication...
CVE-2023-5304
A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. Th...
CVE-2022-30821
In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "packageedit.php" file...
Privilege escalation
In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "packageedit.php" file...
GHSA-3GX6-H57H-RM27 Drupal Core Remote Code Execution Vulnerability
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...
VulnCheck KEV: CVE-2018-0154
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition...
CVE-2020-1255
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...
Cisco IOS Software Integrated Services Module for VPN DoS (cisco-sa-20180328-dos)
According to its self-reported version, Cisco IOS Software is affected by a vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) due to insufficient handling of VPN traffic by the affected device. An unauthenticated, remote attacker can exploit this by sendin...
Cisco Adaptive Security Appliance - Path Traversal Exploit
Exploit for hardware platform in category web applications require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an...
Universally Unique IDentifier - Moderately critical - Access bypass - SA-CONTRIB-2019-052
This module provides an API for adding universally unique identifiers (UUID) to Drupal objects, most notably entities. The module has a privilege escalation vulnerability when it's used in combination with Services+REST server. This vulnerability is mitigated by the fact that an attacker must...
Services - Less critical - Access bypass - SA-CONTRIB-2019-043
This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The Services module has an access bypass vulnerability in its "attachfile" resource that allows users who have access to create or update nodes that include file fields to...
Services - Critical - SQL Injection - SA-CONTRIB-2019-026
This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The module doesn't sufficiently sanitize user input for entity index resources thus allowing SQL Injection attacks. This vulnerability is mitigated by the fact that the Drupal 7...
Immunity Canvas: DRUPAL_SERVICES_RCE
Name| drupalservicesrce
---|---
CVE| CVE-2019-6340
Exploit Pack| CANVAS
Description| CVE-2019-6340
Notes| CVE Name: CVE-2019-6340 VENDOR: Drupal NOTES: An unauthenticated unserialization bug can be exploited on the RESTful Web Services module on the Drupal core for the following versions: 7.X...
CVE-2019-6340 Drupal core - Highly critical - Remote Code Execution
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...
Another Critical Flaw in Drupal Discovered — Update Your Site ASAP!
Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal securi...
Cisco ASA and FWSM Security Advisories
Overview: On October 9, 2013, Cisco released two security advisories (http://www.us-cert.gov/ncas/current-activity/2013/10/10/Cisco-Releases-Security-Advisories) concerning multiple vulnerabilities within software for the following components: Cisco Adaptive Security Appliance (ASA)...
Drupal Services Single Sign-On Client Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Services is one of the modules that allows users to programmatically create customized Web service items. A cross-site scripting attack vulnerability exists in the Services Single Sign-...