Lucene search
K

151 matches found

CVE
CVE
added 2022/02/11 3:45 p.m.170 views

CVE-2020-13670

CVE-2020-13670 affects Drupal Core file module: an attacker can access the metadata of a permanent private file by guessing its file ID. Exposed versions: Drupal Core 8.8.x before 8.8.10, 8.9.x before 8.9.6, and 9.0.x before 9.0.6. The issue is documented across multiple sources (NVD/NIST, Drupal...

7.5CVSS7.3AI score0.01106EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/11 3:45 p.m.28 views

CVE-2020-13670

Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prio...

7.4AI score0.01106EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.6 views

Drupal 代码问题漏洞

Drupal is an open source content management system developed by the Drupal community using the PHP language. A code issue exists in Drupal that is caused by improper access restrictions in the program's "JSON:API" module and "REST/File" module. A remote user could bypass the implemented security...

9.8CVSS8.4AI score0.01236EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2020/09/24 12:0 a.m.105 views

Drupal 8.8.x < 8.8.10 / 8.9.x < 8.9.6 / 9.0.x < 9.0.6 Multiple Vulnerabilities (drupal-2020-09-16)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6, or 9.0.x prior to 9.0.6. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the File module. An...

7.5CVSS6.4AI score0.01106EPSS
Exploits0References11
CNVD
CNVD
added 2020/09/23 12:0 a.m.5 views

Ozeki NG SMS Gateway Arbitrary File Deletion Vulnerability

Ozeki NG SMS Gateway is a powerful, reliable and flexible SMS gateway application. An arbitrary file deletion vulnerability exists in the Outbox feature of the TXT File module in Ozeki NG SMS Gateway 4.17.6 and earlier versions. An attacker can exploit this vulnerability to delete all/most files ...

9CVSS7AI score0.0159EPSS
Exploits1References1
OSV
OSV
added 2020/09/22 6:15 p.m.5 views

CVE-2020-14031

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the...

7.2CVSS7AI score0.0159EPSS
Exploits1References2
Prion
Prion
added 2020/09/22 6:15 p.m.13 views

Design/Logic Flaw

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the...

9CVSS6.9AI score0.0159EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/09/22 5:19 p.m.50 views

CVE-2020-14031

Ozeki NG SMS Gateway (versions up to 4.17.6) contains an arbitrary file deletion vulnerability in the TXT File module’s Outbox feature. An attacker can delete all/most files in a folder, with the product typically running under NT AUTHORITY\SYSTEM, meaning only running/security attribute-protecte...

9CVSS6.9AI score0.0159EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/09/18 12:0 a.m.28 views

Drupal 8.8.x < 8.8.10 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...

7.5CVSS6.8AI score0.02925EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2020/09/18 12:0 a.m.45 views

Drupal 8.9.x < 8.9.6 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...

7.5CVSS6.8AI score0.02925EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2020/09/18 12:0 a.m.31 views

Drupal 7.x < 7.73 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...

7.5CVSS6.8AI score0.02925EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2020/09/18 12:0 a.m.66 views

Drupal 9.0.x < 9.0.6 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...

7.5CVSS6.8AI score0.02925EPSS
Exploits0References11
OSV
OSV
added 2020/09/16 4:45 p.m.3 views

DRUPAL-CORE-2020-011

A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file...

7.5CVSS6.9AI score0.01106EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.1 views

PT-2020-13650 · Drupal · Drupal Core

Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.10 Drupal Core versions prior to 8.9.6 Drupal Core versions prior to 9.0.6 Description: The issue allows an attacker to gain access to the file metadata of a permanent private file by guessing the ID of the...

7.5CVSS7.3AI score0.01106EPSS
Exploits0References14
Drupal
Drupal
added 2020/09/16 12:0 a.m.36 views

Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011

A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file...

7.5CVSS3.6AI score0.01106EPSS
Exploits0References16
Check Point Advisories
Check Point Advisories
added 2019/11/25 12:0 a.m.7 views

Drupal Core file_create_filename Stored Cross-Site Scripting (CVE-2019-6341)

A stored cross-site scripting vulnerability exists in the File module of Drupal Core. The vulnerability is due to improper handling of the filename parameter provided for file uploads to the File module. Successful exploitation could result in the execution of arbitrary script code...

3.5CVSS1.8AI score0.12408EPSS
Exploits0
OSV
OSV
added 2019/03/26 6:29 p.m.14 views

CVE-2019-6341

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...

5.4CVSS5.2AI score
Exploits0References7
UbuntuCve
UbuntuCve
added 2019/03/26 6:29 p.m.22 views

CVE-2019-6341

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...

5.4CVSS6.4AI score0.12408EPSS
Exploits0References2
Prion
Prion
added 2019/03/26 6:29 p.m.19 views

Cross site scripting

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...

3.5CVSS5.1AI score0.12408EPSS
Exploits0References7Affected Software3
Cvelist
Cvelist
added 2019/03/26 6:4 p.m.29 views

CVE-2019-6341 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...

5.4AI score0.12408EPSS
Exploits0References7
Rows per page
Query Builder