Lucene search
+L

151 matches found

UbuntuCve
UbuntuCve
added 2016/04/12 3:59 p.m.17 views

CVE-2016-3162

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...

8.1CVSS7.1AI score0.0159EPSS
Exploits0References3
NVD
NVD
added 2016/04/12 3:59 p.m.21 views

CVE-2016-3162

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...

8.1CVSS7.7AI score0.0159EPSS
Exploits0References4
OSV
OSV
added 2016/04/12 3:59 p.m.2 views

UBUNTU-CVE-2016-3162

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...

8.1CVSS7.3AI score0.0159EPSS
Exploits0References4
OSV
OSV
added 2016/04/12 3:59 p.m.11 views

CVE-2016-3162

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...

8.1CVSS7.7AI score
Exploits0References4
Debian CVE
Debian CVE
added 2016/04/12 3:0 p.m.50 views

CVE-2016-3162

Removed by vendor...

8.1CVSS8.1AI score0.0159EPSS
Exploits0
Cvelist
Cvelist
added 2016/04/12 3:0 p.m.32 views

CVE-2016-3162

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...

7.7AI score0.0159EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/04/08 12:0 a.m.13 views

Drupal 7.x < 7.43 Multiple Vulnerabilities

Binary data 9220.prm...

7.3AI score
Exploits0References3
CNVD
CNVD
added 2016/03/29 12:0 a.m.5 views

Multiple vulnerabilities in Drupal Core File module

Drupal is a free and open source content management system developed in PHP. A file upload bypass and denial of service vulnerability exists in the Drupal Core File module. This allows a malicious user to view, delete or replace a link to a file that the victim has uploaded to a form that has not...

8.1CVSS6.9AI score0.0159EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/02/26 12:0 a.m.9 views

FreeBSD : drupal -- multiple vulnerabilities (59a0af97-dbd4-11e5-8fa8-14dae9d210b8)

Drupal Security Team reports : - File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical - Brute force amplification attacks via XML-RPC XML-RPC server - Drupal 6 and 7 - Moderately Critical - Open redirect via path manipulation Base system - Drupal 6, 7...

5.6AI score
Exploits0References2
Drupal
Drupal
added 2016/02/24 12:0 a.m.630 views

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001

File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted...

8.5CVSS7.7AI score0.0319EPSS
Exploits0References50
OSV
OSV
added 2016/01/12 8:59 p.m.1 views

UBUNTU-CVE-2016-1231

Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...

5.9CVSS7AI score0.02867EPSS
Exploits0References3
Vulnerability Lab
Vulnerability Lab
added 2015/09/27 12:0 a.m.24 views

IconLover v5.4.5 - Stack Buffer Overflow Vulnerability

Document Title: =============== IconLover v5.4.5 - Stack Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1609 Release Date: ============= 2015-09-27 Vulnerability Laboratory ID VL-ID: ==================================== 160...

7.4AI score
Exploits0
NVD
NVD
added 2014/07/22 2:55 p.m.16 views

CVE-2014-5020

The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...

4.9CVSS5.9AI score0.01323EPSS
Exploits0References2
Prion
Prion
added 2014/07/22 2:55 p.m.22 views

Design/Logic Flaw

The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...

4.9CVSS6.5AI score0.01323EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2014/07/22 2:55 p.m.30 views

CVE-2014-5020

The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...

4.9CVSS6.4AI score0.01323EPSS
Exploits0References3
OSV
OSV
added 2014/07/22 2:55 p.m.4 views

UBUNTU-CVE-2014-5020

The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...

4.9CVSS6.3AI score0.01323EPSS
Exploits0References4
Cvelist
Cvelist
added 2014/07/22 2:0 p.m.36 views

CVE-2014-5020

The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...

5.8AI score0.01323EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/07/22 2:0 p.m.50 views

CVE-2014-5020

Removed by vendor...

4.9CVSS6.2AI score0.01323EPSS
Exploits0
CVE
CVE
added 2014/07/22 2:0 p.m.123 views

CVE-2014-5020

The Drupal 7.x File module vulnerability CVE-2014-5020 allows remote authenticated users with certain permissions to bypass file-view restrictions and read files by attaching a file to content via a file field. Affected software: Drupal core (Drupal 7.x) prior to 7.29. Root cause: improper permis...

4.9CVSS5.7AI score0.01323EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/07/21 12:0 a.m.41 views

Drupal 6.x < 6.32 / 7.x < 7.29 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 6.x prior to 6.32 or 7.x prior to 7.29. It is, therefore, potentially affected by the following vulnerabilities : - The HTTP Host header, which determines the configuration file used by Drupal core's multisite feature, does not properly...

5CVSS6.1AI score0.02772EPSS
Exploits0References7
Rows per page
Query Builder