CVE-2016-6823

Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service crash via crafted height and width values, which triggers an out-of-bounds write...

CVE-2016-7101

The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service out-of-bounds read via a large row value in an sgi file...

ImageMagick 'coders/rle.c' heap buffer overflow vulnerability

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A heap buffer overflow vulnerability exists in ImageMagick due to ImageMagick failing to adequately define user input...

UBUNTU-CVE-2016-7519

The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service out-of-bounds read via a crafted file...

UBUNTU-CVE-2016-6823

Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service crash via crafted height and width values, which triggers an out-of-bounds write...

PT-2016-7359 · Imagemagick +2 · Imagemagick +2

Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: The issue allows remote attackers to cause a denial of service out-of-bounds read via a crafted PICT file. This is due to a problem in the EncodeImage function in coders/pict.c...

Drupal coder module presence unauthenticated remote code execution vulnerability-vulnerability warning-the black bar safety net

! In a review of the coder module secure code when I'm on Drupal Security Advisory SA-CONTRIB-2 0 1 6 years-0 3 9 found that an unauthenticated remote code execution vulnerability. The vulnerability affects Drupal coder module version including 7. the x - 1.3 and 7. x -2.6 all of the following...

Drupal Coder Module coder_upgrade.run.php Remote Code Execution

The vulnerability is due to improper input validation on user-supplied input. remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could allow the attacker to execute arbitrary code in the context of the proces...

Drupal CODER Module Remote Code Execution

A code execution vulnerability exists in Drupal CODER Module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Drupal Coder Module Deserialization RCE

The version of Drupal running on the remote web server is affected by a remote code execution vulnerability in the Coder module, specifically in file coderupgrade.run.php, due to improper validation of user-supplied input to the unserialize function. An unauthenticated, remote attacker can exploi...

Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a...

Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)

Drupal Module CODER 2.5 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploi...

Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a Remote Command Execution vulnerability in Drupal CODER...

Drupal Module Coder < 7.x-1.3 / 7.x-2.6 - Remote Code Execution (SA-CONTRIB-2016-039)

Exploit for php platform in category remote exploits array "coderupgrade" = array "module" = "color", "files" = array"color.module" , "extensions" = array"module", "items" = array array"olddir"="test; $cmd;", "newdir"="test", "paths" = array "modulesbase" = "../../../", "filesbase" =...

Drupal Module Coder 7.x-1.37.x-2.6 - Remote Code Execution

Drupal Module Coder 7.x-1.37.x-2.6 - Remote Code Execution array "coderupgrade" = array "module" = "color", "files" = array"color.module" , "extensions" = array"module", "items" = array array"olddir"="test; $cmd;", "newdir"="test", "paths" = array "modulesbase" = "../../../", "filesbase" =...

Drupal Module Coder &lt; 7.x-1.3/7.x-2.6 - Remote Code Execution

array "coderupgrade" = array "module" = "color", "files" = array"color.module" , "extensions" = array"module", "items" = array array"olddir"="test; $cmd;", "newdir"="test", "paths" = array "modulesbase" = "../../../", "filesbase" = "../../../../sites/default/files" ; $payload = serialize$a;...

Drupal CODER Module Remote Command Execution

This module exploits a Remote Command Execution vulnerability in the Drupal CODER Module. Unauthenticated users can execute arbitrary commands under the context of the web server user. The CODER module doesn't sufficiently validate user inputs in a script file that has the PHP extension. A...

Drupal Coder RCE Vulnerability (SA-CONTRIB-2016-039) - Active Check

Drupal is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; if...

3 Popular Drupal Modules Found Vulnerable — Patch Released

Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution RCE bugs that could allow attackers to fully take over any affected site. Below are the three separate Drup...

Drupal Patches Three Remote Code Execution Vulnerabilities in Modules

Developers with the open source content management framework Drupal today patched a series of highly critical remote code execution bugs in three separate modules. If exploited, the bugs could let an attacker take over any site running the modules. Fixes for pushed for RESTful Web Services, a...