Fedora 28 : drupal8 (2018-8fd924a53d) (Drupalgeddon 2)

https://www.drupal.org/project/drupal/releases/8.4.8 - https://www.drupal.org/SA-CORE-2018-004 - https://www.drupal.org/project/drupal/releases/8.4.7 - https://www.drupal.org/sa-core-2018-003 RPM update: drupal8-rpmbuild package dependencies fixed Note that Tenable Network Security has extracted...

Fedora 28 : drupal7 (2018-43c64deada) (Drupalgeddon 2)

https://www.drupal.org/project/drupal/releases/7.59 - https://www.drupal.org/SA-CORE-2018-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

Cryptojacking Attack Targets Make-A-Wish Foundation Website

Hackers have been stealing CPU-cycles from visitors to the Make-A-Wish Foundation’s international website in order to mine for Monero cryptocurrency. Researchers said they found the CoinIMP mining script embedded in the non-profit’s website, and that it was taking advantage of the Drupalgeddon 2...

Staying Safe in the Era of Browser-based Cryptocurrency Mining

Qualys Malware Research Labs is announcing the release of Qualys BrowserCheck CoinBlocker Chrome extension to detect and block browser-based cryptocurrency mining, aka cryptojacking. Cryptojacking Cryptojacking attacks leverage the victim system’s resources via malicious JavaScript to mine certai...

Fedora 26 : drupal7 (2018-2359c2ae0e) (Drupalgeddon 2)

https://www.drupal.org/project/drupal/releases/7.59 - https://www.drupal.org/SA-CORE-2018-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

Fedora 27 : drupal7 (2018-b9ad458866) (Drupalgeddon 2)

https://www.drupal.org/project/drupal/releases/7.59 - https://www.drupal.org/SA-CORE-2018-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...

Debian DLA-1365-1 : drupal7 security update (Drupalgeddon 2)

A remote code execution vulnerability has been found within multiple subsystems of Drupal. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. For Debian 7 'Wheezy', these problems have been fixed in version...

Drupal Drupalgeddon 2 Forms API Property Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal Drupalgeddon 2 Forms API Property Injection', 'Description' = %q This module exploits a Drupal property injection in the Forms API. Drupal...

Drupal Drupalgeddon 2 Forms API Property Injection Exploit

This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...

Drupal Drupalgeddon 2 Forms API Property Injection

This module exploits a Drupal property injection in the Forms API. Drupal 6.x, 'Drupal Drupalgeddon 2 Forms API Property Injection', 'Description' = %q This module exploits a Drupal property injection in the Forms API. Drupal 6.x, 'Jasper Mattsson', Vulnerability discovery 'a2u', Proof of concept...

Exploit for Improper Input Validation in Drupal

Drupalgeddon 2 MSF exploit module for Drupalgeddon 2 CVE-201...

Debian DSA-4156-1 : drupal7 - security update (Drupalgeddon 2)

A remote code execution vulnerability has been found in Drupal, a fully-featured content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-002 C Tenable Network Security, Inc. The descriptive text and package checks in...