143 matches found
Code injection
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors...
CVE-2008-3745
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors...
SA-2008-047 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. Cross site scripting A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages cross site scripting or XSS. A bug in the private filesystem trusts the MIME type sent by th...
IBM Domino Web Access Upload Module dwa7w.dll BoF Exploit
No description provided by source. !-- written by e.b. IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit CVE-2007-4474 Tested on Windows XP SP2fully patched English, IE6, dwa7w.dll version 7.0.34.1 Thanks to h.d.m. and the Metasploit crew -- html head titleIBM Domino Web Access...
dwa7w-overwrite.txt
This one is unicode based, so is inotes6w. Exploitation for inotes6w is probably the same just with a different offset. Code is inline and attached. --------------------- IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit function Check var buf = unescape"%u4141"; while buf.lengt...
IBM Domino Web Access Upload Module - dwa7w.dll Remote Buffer Overflow
IBM Domino Web Access Upload Module - dwa7w.dll Remote Buffer Overflow IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit function Check var buf = unescape"%u4141"; while buf.length = 2461 buf = buf + unescape"%u4141"; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe...
IBM Domino Web Access 7.0 Upload Module - inotes6.dll Remote Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - inotes6.dll Remote Buffer Overflow IBM Domino Web Access Upload Module inotes6.dll SEH Overwrite Exploit function Check var buf = 'A'; while buf.length = 3119 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378...
IBM Domino Web Access Upload Module dwa7w.dll BoF Exploit
Exploit for unknown platform in category remote exploits ========================================================= IBM Domino Web Access Upload Module dwa7w.dll BoF Exploit ========================================================= IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploi...
IBM Domino Web Access 7.0 Upload Module - 'inotes6.dll' Remote Buffer Overflow
IBM Domino Web Access Upload Module inotes6.dll SEH Overwrite Exploit function Check var buf = 'A'; while buf.length = 3119 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 =...
Stack overflow
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long GeneralServerName propert...
FreeBSD : drupal --- multiple vulnerabilities (9c00d446-8208-11dc-9283-0016179b2dd5)
The Drupal Project reports : In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...
Cross site scripting
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting XSS attacks by uploading .html files...
CVE-2007-5596
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting XSS attacks by uploading .html files...
CVE-2007-5596
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting XSS attacks by uploading .html files...
CVE-2007-5596
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting XSS attacks by uploading .html files...
CVE-2007-5596
CVE-2007-5596 affects Drupal’s core Upload module in Drupal 4.7.x (before 4.7.8) and 5.x (before 5.3). The vulnerability arises from a whitelist that includes the .html extension, allowing remote attackers to upload .html files that can trigger cross-site scripting (XSS). Public details in the co...
SA-2007-026 - Drupal Core - Cross site scripting via uploads
The allowed extension list of the core Upload module contains the extension HTML by default. Such files can be used to execute arbitrary script code in the context of the affected site when a user views the file. Revoking upload permissions or removing the .html extension from the allowed extensi...
drupal --- multiple vulnerabilities
The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...
CVE-2006-5238
Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors...
CVE-2006-2832
Cross-site scripting XSS vulnerability in the upload module upload.module in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename...