Lucene search
K

35 matches found

Prion
Prion
added 2023/04/26 7:15 p.m.25 views

Design/Logic Flaw

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...

4CVSS6.4AI score0.0054EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.3 views

PT-2023-23267 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal affected versions not specified Description: The file download facility does not sufficiently sanitize file paths in certain situations, potentially allowing users to access private files they should not have access to. Some sites may...

6.5CVSS6.9AI score0.0054EPSS
Exploits0References12
OSV
OSV
added 2022/05/13 1:46 a.m.18 views

GHSA-RHX9-3QF7-R3J7 Drupal Remote code execution

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerabl...

8.1CVSS8.2AI score0.03901EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2022/05/03 12:0 a.m.15 views

Drupal Input Validation Vulnerability (SA-CORE-2022-008) - Windows

Drupal is prone to an improper input validation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...

7.5CVSS7.5AI score0.00568EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/01/20 12:0 a.m.27 views

Drupal 7.x < 7.86 Multiple XSS Vulnerabilities (SA-CORE-2022-002) - Linux

Drupal is prone to multiple cross-site scripting XSS vulnerabilities in jQuery UI. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/11/19 12:0 a.m.13 views

Drupal 8.8.x < 8.8.11 Remote Code Execution

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.74, 8.8.x prior to 8.8.11, 8.9.x prior to 8.9.9 or 9.0.x prior to 9.0.8. It is, therefore, affected by a remote code execution due to filenames on uploaded files not properly...

8.8CVSS9.7AI score0.04269EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/04/25 12:0 a.m.18 views

Drupal 8.x < 8.5.15 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Several flaws exist in third-party Symfony PHP framework. - A flaw exists in third-party jQuery JavaScript library. Note that the scanner has not tested for these issues but...

9.8CVSS8.6AI score0.0595EPSS
Exploits1References6
CNVD
CNVD
added 2018/02/26 12:0 a.m.15 views

Drupal cross-site scripting vulnerability (CNVD-2018-05185)

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. jQuery is one of the JavaScript libraries used in it. A cross-site scripting vulnerability exists in jQuery in Drupal versions 8 and 7. A remote attacker can exploit this vulnerability...

6.1CVSS6.4AI score0.01247EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/01 12:0 a.m.3 views

Multiple vulnerabilities in the Drupal Search API module

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Search API is one of the framework modules used to create search functionality for any Entity of Drupal. Information disclosure vulnerabilities, cross-site scripting vulnerabilities, an...

6.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/04/08 12:0 a.m.6 views

Drupal Unsupported Version Detection

Binary data 9221.prm...

7.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/04/08 12:0 a.m.14 views

Drupal Version Detection

Binary data 9209.prm...

7.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/04/08 12:0 a.m.13 views

Drupal 6.x Detection

Binary data 9210.prm...

7.3AI score
Exploits0References2
OSV
OSV
added 2013/12/07 9:55 p.m.5 views

UBUNTU-CVE-2013-6389

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

5.8CVSS5.9AI score0.01207EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2006/05/26 12:0 a.m.37 views

Drupal-4.7.txt

!/usr/bin/php -q -d shortopentag=on '; / then: http://target/path/files/attach.php.pps?cmd=ls%20-la also, I noticed that from an admin account you can upload .php3 or .php5 files / if $argc6 echo "Usage: php ".$argv0." host path user pass cmd OPTIONS\r\n"; echo "host: target server...

7.4AI score
Exploits0
Drupal
Drupal
added 2005/10/30 12:0 a.m.9 views

Unintentionally logging credit card transactions

Solar Designer of the Openwall Project reported a security vulnerability in the contributed authorizenet module which is part of the ecommerce package. Credit card information was being stored in a system log file. The system should not be saving this information. Versions affected Please check t...

5.4AI score
Exploits0References5
Rows per page
Query Builder