Lucene search
K

15 matches found

Imperva Blog
Imperva Blog
added 2024/01/31 2:3 p.m.54 views

Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet

On January 16, a joint alert from FBI and CISA warned about a concerning development: the emergence of a botnet driven by AndroxGh0st malware targeting vulnerable applications and web servers. AndroxGh0st is a Python-based malware, first seen in late 2022, designed to target Laravel .env files an...

10CVSS8AI score0.99999EPSS
Exploits222
GithubExploit
GithubExploit
added 2021/05/01 3:0 p.m.102 views

Exploit for Deserialization of Untrusted Data in Drupal

This is a PoC exploit for CVE-2019-6340, a remote code execution...

8.1CVSS8.7AI score0.91919EPSS
Exploits22
GithubExploit
GithubExploit
added 2019/05/27 7:6 p.m.288 views

Exploit for Deserialization of Untrusted Data in Drupal

CVE-2019-6340 Drupal8's REST RCE, SA-CORE-2019-003 0x01 d...

8.1CVSS8.5AI score0.91919EPSS
Exploits22
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/06 12:5 a.m.25 views

Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-6340 DESCRIPTION: Drupal Core could allow a remote attacker to execute arbitrary PHP code on the system, caused by improper input validation in some field types. By sending a specially-crafted...

8.1CVSS1.5AI score0.91919EPSS
Exploits22Affected Software1
Packet Storm
Packet Storm
added 2019/03/06 12:0 a.m.76 views

Drupal RESTful Web Services unserialize() Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal RESTful Web Services unserialize RCE', 'Description' = %q This module exploits a PHP unserialize vulnerability in Drupal RESTful Web...

6.8CVSS0.5AI score0.91919EPSS
Exploits22
Metasploit
Metasploit
added 2019/03/05 7:26 p.m.93 views

Drupal RESTful Web Services unserialize() RCE

This module exploits a PHP unserialize vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable albeit cached...

8.1CVSS0.3AI score0.91919EPSS
Exploits22
Saint
Saint
added 2019/02/27 12:0 a.m.75 views

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

8.1CVSS8.5AI score0.91919EPSS
Exploits22
0day.today
0day.today
added 2019/02/25 12:0 a.m.96 views

Drupal < 8.6.9 - REST Module Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...

6.8CVSS8.3AI score0.91919EPSS
Exploits22
exploitpack
exploitpack
added 2019/02/25 12:0 a.m.81 views

Drupal 8.6.9 - REST Module Remote Code Execution

Drupal 8.6.9 - REST Module Remote Code Execution !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...

6.8CVSS8.5AI score0.91919EPSS
Exploits22
Check Point Advisories
Check Point Advisories
added 2019/02/24 12:0 a.m.11 views

Drupal Core Remote Code Execution (CVE-2019-6340)

A code execution vulnerability exists in Drupal Core. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS5.6AI score0.91919EPSS
Exploits22
canvas
canvas
added 2019/02/21 9:29 p.m.59 views

Immunity Canvas: DRUPAL_SERVICES_RCE

Name| drupalservicesrce ---|--- CVE| CVE-2019-6340 Exploit Pack| CANVAS Description| CVE-2019-6340 Notes| CVE Name: CVE-2019-6340 VENDOR: Drupal NOTES: An unauthenticated unserialization bug can be exploited on the RESTful Web Services module on the Drupal core for the following versions: 7.X...

6.8CVSS2.1AI score0.91919EPSS
Exploits22
ThreatPost
ThreatPost
added 2019/02/21 3:54 p.m.133 views

Highly Critical Drupal CMS Flaw Affects Millions of Websites

The Drupal open-source content management system platform has issued an advisory for a highly critical remote-code execution RCE flaw in the Drupal core. The vulnerability CVE-2019-6340 arises from the fact that “some field types do not properly sanitize data from non-form sources,” according to...

6.8CVSS8.2AI score0.91919EPSS
Exploits22References7
The Hacker News
The Hacker News
added 2019/02/21 10:18 a.m.4 views

Another Critical Flaw in Drupal Discovered — Update Your Site ASAP!

Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal securi...

8.1CVSS9.2AI score0.91919EPSS
Exploits22
Circl
Circl
added 2019/02/21 4:0 a.m.10 views

CVE-2019-6340

creationtimestamp| type| source ---|---|--- 2019-02-21 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=366 2019-02-21 10:04:49+00:00| seen| https://t.me/SecLabNews/4314 2019-02-21 16:28:00+00:00| seen| https://t.me/CyberGovIL/361 2019-02-22 14:49:00+00:00| seen|...

8.1CVSS7.5AI score0.91919EPSS
Exploits22References25
Tenable Nessus
Tenable Nessus
added 2019/02/20 12:0 a.m.112 views

Drupal 8.5.x < 8.5.11 / 8.6.x < 8.6.10 Remote Code Execution (SA-CORE-2019-003)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.5.x prior to 8.5.11, or 8.6.x prior to 8.6.10. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of data from non-form sources. %NASLMINLEVEL 70300 C...

8.1CVSS8.1AI score0.91919EPSS
Exploits22References4
Rows per page
Query Builder