Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

OpenVAS
OpenVASadded 2016/10/07 12:0 a.m.28 views

Drupal Multiple Vulnerabilities (SA-CORE-2016-004) - Linux

Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

6.1CVSS4.9AI score0.01716EPSS
Exploits0References2
Check Point Advisories
Check Point Advisoriesadded 2016/10/06 12:0 a.m.4 views

Drupal Sensitive Core Files Information Disclosure (CVE-2016-7572)

An information disclosure vulnerability exists in Drupal Core. Successful exploitation of this vulnerability could allow a remote attacker to download local files, and may lead to disclosure of database credentials...

4CVSS4.6AI score0.01716EPSS
Exploits0
NVD
NVDadded 2016/10/03 6:59 p.m.16 views

CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors...

4.3CVSS4.4AI score0.01716EPSS
Exploits0References3
OSV
OSVadded 2016/10/03 6:59 p.m.8 views

CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors...

4.3CVSS4.2AI score
Exploits0References3
UbuntuCve
UbuntuCveadded 2016/10/03 6:59 p.m.25 views

CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors...

4.3CVSS6AI score0.01716EPSS
Exploits0References2
Cvelist
Cvelistadded 2016/10/03 6:0 p.m.27 views

CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors...

4.6AI score0.01716EPSS
Exploits0References3
CVE
CVEadded 2016/10/03 6:0 p.m.116 views

CVE-2016-7572

CVE-2016-7572 affects Drupal 8.x prior to 8.1.10, where the system.temporary route does not properly enforce the Export configuration permission, allowing remote authenticated users to bypass restrictions and read the full config export. Impact is sensitive information disclosure via an authentic...

4.3CVSS4.3AI score0.01716EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVEadded 2016/10/03 6:0 p.m.28 views

CVE-2016-7572

Removed by vendor...

4.3CVSS4.9AI score0.01716EPSS
Exploits0
Drupal
Drupaladded 2016/09/21 12:0 a.m.641 views

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

Users without "Administer comments" can set comment visibility on nodes they can edit. Less critical Users who have rights to edit a node, can set the visibility on comments for that node. This should be restricted to those who have the administer comments permission. Cross-site Scripting in http...

6.1CVSS5.1AI score0.01716EPSS
Exploits0References23
Rows per page
Query Builder