49 matches found
EUVD-2010-1977
Malware in sbrugna...
EUVD-2012-5430
Malware in sbrugna...
EUVD-2014-8981
Malware in sbrugna...
CVE-2012-5538
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded fil...
Improper Input Validation
silverstripe/framework is vulnerable to Improper Input Validation. The vulnerability exists in the validate function of FileField.php because FileField does not properly validate single file upload which allows a malicious attacker to upload multiple files by adding square brackets...
GHSA-7MV4-4XPG-XQ44 FormField with square brackets in field name skips validation
FileField with array notation skips validation The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload. PHP allows for submitting multiple values by adding square brackets to the field name. When th...
FormField with square brackets in field name skips validation
FileField with array notation skips validation The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload. PHP allows for submitting multiple values by adding square brackets to the field name. When th...
FileField Sources - Moderately critical - Access Bypass - SA-CONTRIB-2018-007
This module enables you to upload files to fields via several sources. The module doesn't sufficiently handle access control under the scenario of the autocomplete path of reference sources...
Drupal FileField Module Remote Denial of Service Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. FileField is one of the file upload components that uses the CCK feature extension. A remote denial of service vulnerability exists in versions 6.x-3.x of the Drupal FileField module...
FileField - Denial of Service - SA-CONTRIB-2016-008
FileField module allows users to upload files in conjunction with the Content Construction Kit (CCK) module in Drupal 6. The module doesn't validate that a request to delete a temporary file was made by the user who uploaded the file. An attacker can use this vulnerability to delete other user's fi...
CVE-2014-9156
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file...
Design/Logic Flaw
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file...
CVE-2014-9156
The vulnerability CVE-2014-9156 affects the Drupal FileField module (6.x-3.x) prior to 6.x-3.13. The root cause is a failing permission check to view files when attaching an uploaded file, enabling remote authenticated users with permission to create or edit content to read private files. Affecte...
CVE-2014-9156
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read private files by attaching an uploaded file...
SA-CONTRIB-2014-071 - FileField - Access bypass
The FileField module enables you to define and use fields that contain files. The module doesn't sufficiently check permission to view the attached file when attaching a file that was previously uploaded. This could allow attackers to gain access to private files. This vulnerability is mitigated ...
CVE-2013-4502
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file...
Design/Logic Flaw
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file...
CVE-2013-4502
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file...
CVE-2013-4502
The CVE-2013-4502 entry concerns the Drupal contributed module FileField Sources. Affected versions are FileField Sources 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9. The root cause is improper file permission checks when attaching files, enabling remote authenticated users to read arbitrar...
Fedora Update for drupal6-filefield FEDORA-2014-2648
Check for the Version of drupal6-filefield OpenVAS Vulnerability Test Fedora Update for drupal6-filefield FEDORA-2014-2648 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...