Lucene search
K

5 matches found

seebug.org
seebug.org
added 2014/03/11 12:0 a.m.23 views

Drupal Mime Mail Module文件附件安全绕过漏洞

Bugtraq ID:65996 Drupal是一套开放源码的内容管理平台。 Drupal Mime Mail Module不正确校验附件文件路径,允许远程攻击者利用漏洞添加任意文件并获取敏感信息。 0 Drupal Mime Mail Module 6.x 厂商补丁: Drupal ----- Drupal Mime Mail Module 6.x-1.4已经修复该漏洞,建议用户下载更新: https://drupal.org/node/2211419...

7.1AI score
Exploits0
NVD
NVD
added 2012/10/31 4:55 p.m.26 views

CVE-2012-4495

The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...

4CVSS6.4AI score0.012EPSS
Exploits0References6
Prion
Prion
added 2012/10/31 4:55 p.m.22 views

Design/Logic Flaw

The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...

4CVSS7AI score0.012EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2012/10/31 4:0 p.m.41 views

CVE-2012-4495

CVE-2012-4495 affects the Drupal Mime Mail module (6.x-1.x before 6.x-1.1). The root cause is improper restriction of access to files outside Drupal’s publish files directory, allowing remote authenticated users to send arbitrary files as attachments. Impact is that authenticated users can attach...

4CVSS6.6AI score0.012EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2012/10/31 4:0 p.m.28 views

CVE-2012-4495

The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments...

6.4AI score0.012EPSS
Exploits0References6
Rows per page
Query Builder