
143 matches found

Prion
added 2008/08/27 3:21 p.m., 18 views

Code injection

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors...

CVSS 5.5, AI score 6.2, EPSS 0.01395
Exploits: 0, References: 8, Affected Software: 1
NVD
added 2008/08/27 3:21 p.m., 19 views

CVE-2008-3745

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors...

CVSS 5.5, AI score 6, EPSS 0.01395
Exploits: 0, References: 8
Drupal
added 2008/08/13 12:0 a.m., 488 views

SA-2008-047 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities and weaknesses were discovered in Drupal. Cross site scripting: A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages (cross site scripting or XSS). A bug in the private filesystem trusts the MIME type sent by th...

AI score 7.3
Exploits: 0, References: 15
seebug.org
added 2008/01/03 12:0 a.m., 35 views

IBM Domino Web Access Upload Module dwa7w.dll BoF Exploit

No description provided by source. !-- written by e.b. IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit CVE-2007-4474 Tested on Windows XP SP2fully patched English, IE6, dwa7w.dll version 7.0.34.1 Thanks to h.d.m. and the Metasploit crew -- html head titleIBM Domino Web Access...

CVSS 9.3, AI score 0.7, EPSS 0.44184
Exploits: 25
Packet Storm
added 2007/12/31 12:0 a.m., 34 views

dwa7w-overwrite.txt

This one is unicode based, so is inotes6w. Exploitation for inotes6w is probably the same just with a different offset. Code is inline and attached. --------------------- IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit function Check var buf = unescape"%u4141"; while buf.lengt...

CVSS 9.3, AI score 6.3, EPSS 0.44184
Exploits: 25
exploitpack
added 2007/12/30 12:0 a.m., 21 views

IBM Domino Web Access Upload Module - dwa7w.dll Remote Buffer Overflow

IBM Domino Web Access Upload Module - dwa7w.dll Remote Buffer Overflow IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit function Check var buf = unescape"%u4141"; while buf.length = 2461 buf = buf + unescape"%u4141"; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe...

CVSS 9.3, AI score 1.3, EPSS 0.44184
Exploits: 25
exploitpack
added 2007/12/30 12:0 a.m., 24 views

IBM Domino Web Access 7.0 Upload Module - inotes6.dll Remote Buffer Overflow

IBM Domino Web Access 7.0 Upload Module - inotes6.dll Remote Buffer Overflow IBM Domino Web Access Upload Module inotes6.dll SEH Overwrite Exploit function Check var buf = 'A'; while buf.length = 3119 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378...

CVSS 9.3, AI score 1.2, EPSS 0.44184
Exploits: 25
0day.today
added 2007/12/30 12:0 a.m., 58 views

IBM Domino Web Access Upload Module dwa7w.dll BoF Exploit

Exploit for unknown platform in category remote exploits ========================================================= IBM Domino Web Access Upload Module dwa7w.dll BoF Exploit ========================================================= IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploi...

AI score 7.1, EPSS 0.44184
Exploits: 25
Exploit DB
added 2007/12/30 12:0 a.m., 43 views

IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Remote Buffer Overflow

IBM Domino Web Access Upload Module inotes6.dll SEH Overwrite Exploit function Check var buf = 'A'; while buf.length = 3119 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 =...

CVSS 9.3, AI score 6.4, EPSS 0.44184
Exploits: 25
Prion
added 2007/12/27 10:46 p.m., 13 views

Stack overflow

Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long GeneralServerName propert...

CVSS 9.3, AI score 7.7, EPSS 0.44184
Exploits: 25, References: 11, Affected Software: 2
Tenable Nessus
added 2007/10/25 12:0 a.m., 33 views

FreeBSD : drupal --- multiple vulnerabilities (9c00d446-8208-11dc-9283-0016179b2dd5)

The Drupal Project reports : In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...

CVSS 6.8, AI score 5.9, EPSS 0.03771
Exploits: 0, References: 11
Prion
added 2007/10/19 11:17 p.m., 22 views

Cross site scripting

The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files...

CVSS 4.3, AI score 5.8, EPSS 0.01631
Exploits: 0, References: 7, Affected Software: 1
NVD
added 2007/10/19 11:17 p.m., 25 views

CVE-2007-5596

The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files...

CVSS 4.3, AI score 5.7, EPSS 0.01631
Exploits: 0, References: 7
UbuntuCve
added 2007/10/19 11:17 p.m., 18 views

CVE-2007-5596

The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files...

CVSS 4.3, AI score 5.9, EPSS 0.01631
Exploits: 0, References: 1
Cvelist
added 2007/10/19 11:0 p.m., 34 views

CVE-2007-5596

The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files...

AI score 5.6, EPSS 0.01631
Exploits: 0, References: 7
CVE
added 2007/10/19 11:0 p.m., 63 views

CVE-2007-5596

CVE-2007-5596 affects Drupal’s core Upload module in Drupal 4.7.x (before 4.7.8) and 5.x (before 5.3). The vulnerability arises from a whitelist that includes the .html extension, allowing remote attackers to upload .html files that can trigger cross-site scripting (XSS). Public details in the co...

CVSS 4.3, AI score 5.6, EPSS 0.01631
Exploits: 0, References: 7, Affected Software: 1
Drupal
added 2007/10/17 12:0 a.m., 16 views

SA-2007-026 - Drupal Core - Cross site scripting via uploads

The allowed extension list of the core Upload module contains the extension HTML by default. Such files can be used to execute arbitrary script code in the context of the affected site when a user views the file. Revoking upload permissions or removing the .html extension from the allowed extensi...

AI score 6.8
Exploits: 0, References: 6
FreeBSD
added 2007/10/17 12:0 a.m., 41 views

drupal --- multiple vulnerabilities

The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...

CVSS 4.3, AI score 7.2, EPSS 0.01451
Exploits: 0, References: 7
Cvelist
added 2006/10/12 12:0 a.m., 20 views

CVE-2006-5238

Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors...

AI score 6.6, EPSS 0.0152
Exploits: 0, References: 3
UbuntuCve
added 2006/06/06 12:2 a.m., 20 views

CVE-2006-2832

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename...

CVSS 2.6, AI score 6, EPSS 0.01339
Exploits: 0, References: 1