Photo Server 2.0 Shell Upload / Command Injection

Title: ====== Photo Server 2.0 iOS - Multiple Critical Vulnerabilities Date: ===== 2013-07-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1029 VL-ID: ===== 1029 Common Vulnerability Scoring System: ==================================== 8.6 Introduction: =============...

Fedora 18 : drupal6-6.27-1.fc18 / drupal7-7.18-1.fc18 (2012-20746)

Upstream Drupal has reported SA-CORE-2012-004 1 which corrects multiple vulnerabilities : 1 Access bypass User module search - Drupal 6 and 7 2 Access bypass Upload module - Drupal 6 3 Arbitrary PHP code execution File upload modules - Drupal 6 and 7 CVEs have been requested and are not yet...

SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Access bypass User module search - Drupal 6 and 7 A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users. This...

Joomla Simple File Upload Module Remote Code Execution Vulnerability

This host is running Joomla Simple File Upload Module and is prone to remote code execution vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlasimplefileuploadcodeexecvuln.nasl 5841 2017-04-03 12:46:41Z cfi $ Joomla Simple File Upload Module Remote Code Execution Vulnerability Authors: Madhur...

Debian Security Advisory DSA 2113-1 (drupal6)

The remote host is missing an update to drupal6 announced via advisory DSA 2113-1. OpenVAS Vulnerability Test $Id: deb21131.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2113-1 drupal6 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

Design/Logic Flaw

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar...

CVE-2010-3092

The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar...

CVE-2010-3092

CVE-2010-3092 affects Drupal 5.x before 5.23 and 6.x before 6.18. The issue arises in the upload module due to improper case-insensitive filename handling in a database configuration, allowing remote authenticated users to bypass file-download restrictions by uploading a differently named file wi...

DSA-2113-1 drupal6 - several vulnerabilities

Bulletin has no description...

Flatnux 2009-03-27 (Upload/ID) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================================== Flatnux 2009-03-27 Upload/ID Multiple Remote Vulnerabilities ============================================================== Author: girex Date: 17/04/2009 CMS: flatnux-2009-03-...

CVE-2008-4790

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors...

CVE-2008-4790

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors...

Design/Logic Flaw

The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors...

Input validation

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."...

CVE-2008-4789

CVE-2008-4789 — Drupal core upgrade/validation issue. The vulnerability affects Drupal 6.x before 6.5, where the validation logic in the core upload module allows remote authenticated users to bypass access controls and attach files to content. The root cause is described as a logic error in vali...

CVE-2008-4789

The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error."...

CVE-2008-4790

Drupal Core Multiple Vulnerabilities (CVE-2008-4790): The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass access restrictions and read files attached to content via unknown vectors. Affected version range: 5.x

FreeBSD : drupal -- multiple vulnerabilities (12efc567-9879-11dd-a5e7-0030843d3802)

The Drupal Project reports : A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...

drupal -- multiple vulnerabilities

The Drupal Project reports: A logic error in the core upload module validation allowed unprivileged users to attach files to content. Users can view files attached to content which they do not otherwise have access to. If the core upload module is not enabled, your site will not be affected. A...

CVE-2008-3745

The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors...