EUVD-2022-6493

Malicious code in bioql PyPI...

CVE-2022-25277

Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference: SA-CORE-2019-010. However, the protections for these two vulnerabilities previously did...

UBUNTU-CVE-2022-25277

Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference: SA-CORE-2019-010. However, the protections for these two vulnerabilities previously did...

CVE-2022-25277

Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference: SA-CORE-2019-010. However, the protections for these two vulnerabilities previously did...

Remote Code Execution

drupal/core is vulnerable to remote code execution. A remote attacker is able to bypass protections provided in sanitizeName function because the filenames with .htaccess extension are not properly sanitized, which allows the attacker to upload and execute malicious code on the system under attac...

PT-2022-3918 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal core versions 7, 9.3, and 9.4 Description: The issue arises from the incorrect interaction between two protections in Drupal core: one that sanitizes filenames with dangerous extensions upon upload and another that strips leading and...