29 matches found
EUVD-2022-55978
Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...
CVE-2022-50957
Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...
CVE-2022-50957 Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS
Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...
CVE-2022-50957
CVE-2022-50957 concerns Drupal “avatar_uploader” module for version 7.x-1.0-beta8, containing a reflected cross-site scripting vulnerability. The issue arises when an attacker crafts a URL that includes a script payload in the file parameter of avatar_uploader.pages.inc, enabling execution of arb...
PT-2026-39482
Drupal avatar uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avatar uploader.pages.inc to...
EUVD-2015-2197
Malware in sbrugna...
EUVD-2014-8980
Malware in sbrugna...
CVE-2015-2087
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors...
CVE-2014-9155
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. dot dot in the path of a cropped picture in the uploader panel...
VulnCheck KEV: CVE-2018-9205
Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
Drupal avataruploader v7.x-1.0-beta8 - Arbitrary File Disclosure Title: Drupal avataruploader v7.x-1.0-beta8 - Arbitrary File Disclosure Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID: CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor:...
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
Title: Drupal avataruploader v7.x-1.0-beta8 - Arbitrary File Disclosure Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID: CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzhao Vendor Notified: 2018-04-02 Vendor Contact:...
Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download Vulnerability
Exploit for php platform in category web applications Title: Arbitrary file download vulnerability in Drupal module avataruploader v7.x-1.0-beta8 Author: Larry W. Cashdollar CVE-ID:CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzh...
Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download
Title: Arbitrary file download vulnerability in Drupal module avataruploader v7.x-1.0-beta8 Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID:CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzhao Vendor Notified: 2018-04-02 Vendor...
Path traversal
Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...
CVE-2018-9205
Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...
CVE-2018-9205
Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...
CVE-2018-9205
Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...
CVE-2015-2087
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors...
Unrestricted file upload
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors...