151 matches found
CVE-2020-13670
CVE-2020-13670 affects Drupal Core file module: an attacker can access the metadata of a permanent private file by guessing its file ID. Exposed versions: Drupal Core 8.8.x before 8.8.10, 8.9.x before 8.9.6, and 9.0.x before 9.0.6. The issue is documented across multiple sources (NVD/NIST, Drupal...
CVE-2020-13670
Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prio...
Drupal 代码问题漏洞
Drupal is an open source content management system developed by the Drupal community using the PHP language. A code issue exists in Drupal that is caused by improper access restrictions in the program's "JSON:API" module and "REST/File" module. A remote user could bypass the implemented security...
Drupal 8.8.x < 8.8.10 / 8.9.x < 8.9.6 / 9.0.x < 9.0.6 Multiple Vulnerabilities (drupal-2020-09-16)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6, or 9.0.x prior to 9.0.6. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the File module. An...
Ozeki NG SMS Gateway Arbitrary File Deletion Vulnerability
Ozeki NG SMS Gateway is a powerful, reliable and flexible SMS gateway application. An arbitrary file deletion vulnerability exists in the Outbox feature of the TXT File module in Ozeki NG SMS Gateway 4.17.6 and earlier versions. An attacker can exploit this vulnerability to delete all/most files ...
CVE-2020-14031
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the...
Design/Logic Flaw
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the...
CVE-2020-14031
Ozeki NG SMS Gateway (versions up to 4.17.6) contains an arbitrary file deletion vulnerability in the TXT File module’s Outbox feature. An attacker can delete all/most files in a folder, with the product typically running under NT AUTHORITY\SYSTEM, meaning only running/security attribute-protecte...
Drupal 8.8.x < 8.8.10 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...
Drupal 8.9.x < 8.9.6 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...
Drupal 7.x < 7.73 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...
Drupal 9.0.x < 9.0.6 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...
DRUPAL-CORE-2020-011
A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file...
PT-2020-13650 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.10 Drupal Core versions prior to 8.9.6 Drupal Core versions prior to 9.0.6 Description: The issue allows an attacker to gain access to the file metadata of a permanent private file by guessing the ID of the...
Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file...
Drupal Core file_create_filename Stored Cross-Site Scripting (CVE-2019-6341)
A stored cross-site scripting vulnerability exists in the File module of Drupal Core. The vulnerability is due to improper handling of the filename parameter provided for file uploads to the File module. Successful exploitation could result in the execution of arbitrary script code...
CVE-2019-6341
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...
CVE-2019-6341
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...
Cross site scripting
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...
CVE-2019-6341 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...