151 matches found
CVE-2016-3162
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...
CVE-2016-3162
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...
UBUNTU-CVE-2016-3162
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...
CVE-2016-3162
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...
CVE-2016-3162
Removed by vendor...
CVE-2016-3162
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files...
Drupal 7.x < 7.43 Multiple Vulnerabilities
Binary data 9220.prm...
Multiple vulnerabilities in Drupal Core File module
Drupal is a free and open source content management system developed in PHP. A file upload bypass and denial of service vulnerability exists in the Drupal Core File module. This allows a malicious user to view, delete or replace a link to a file that the victim has uploaded to a form that has not...
FreeBSD : drupal -- multiple vulnerabilities (59a0af97-dbd4-11e5-8fa8-14dae9d210b8)
Drupal Security Team reports : - File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical - Brute force amplification attacks via XML-RPC XML-RPC server - Drupal 6 and 7 - Moderately Critical - Open redirect via path manipulation Base system - Drupal 6, 7...
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-001
File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical A vulnerability exists in the File module that allows a malicious user to view, delete or substitute a link to a file that the victim has uploaded to a form while the form has not yet been submitted...
UBUNTU-CVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module modhttpfiles in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. dot dot in an unspecified path...
IconLover v5.4.5 - Stack Buffer Overflow Vulnerability
Document Title: =============== IconLover v5.4.5 - Stack Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1609 Release Date: ============= 2015-09-27 Vulnerability Laboratory ID VL-ID: ==================================== 160...
CVE-2014-5020
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...
Design/Logic Flaw
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...
CVE-2014-5020
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...
UBUNTU-CVE-2014-5020
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...
CVE-2014-5020
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field...
CVE-2014-5020
Removed by vendor...
CVE-2014-5020
The Drupal 7.x File module vulnerability CVE-2014-5020 allows remote authenticated users with certain permissions to bypass file-view restrictions and read files by attaching a file to content via a file field. Affected software: Drupal core (Drupal 7.x) prior to 7.29. Root cause: improper permis...
Drupal 6.x < 6.32 / 7.x < 7.29 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 6.x prior to 6.32 or 7.x prior to 7.29. It is, therefore, potentially affected by the following vulnerabilities : - The HTTP Host header, which determines the configuration file used by Drupal core's multisite feature, does not properly...