Lucene search
K

7 matches found

The Hacker News
The Hacker News
added 2016/07/14 12:34 a.m.14 views

3 Popular Drupal Modules Found Vulnerable — Patch Released

Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution RCE bugs that could allow attackers to fully take over any affected site. Below are the three separate Drup...

8.1AI score
Exploits0
ThreatPost
ThreatPost
added 2016/07/13 3:33 p.m.11 views

Drupal Patches Three Remote Code Execution Vulnerabilities in Modules

Developers with the open source content management framework Drupal today patched a series of highly critical remote code execution bugs in three separate modules. If exploited, the bugs could let an attacker take over any site running the modules. Fixes for pushed for RESTful Web Services, a...

0.1AI score
Exploits0References7
NVD
NVD
added 2015/06/15 2:59 p.m.14 views

CVE-2015-4379

Cross-site request forgery CSRF vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors...

6.8CVSS7.1AI score0.0074EPSS
Exploits0References5
Prion
Prion
added 2015/06/15 2:59 p.m.13 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors...

6.8CVSS7.6AI score0.0074EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2015/06/15 2:0 p.m.44 views

CVE-2015-4379

CVE-2015-4379 affects the Drupal Webform Multiple File Upload module (versions 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3). The underlying issue is a CSRF vulnerability that allows remote attackers to hijack the authentication of certain users to perform file-deletion actions via unspe...

6.8CVSS7.3AI score0.0074EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2015/06/15 2:0 p.m.21 views

CVE-2015-4379

Cross-site request forgery CSRF vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors...

7.1AI score0.0074EPSS
Exploits0References5
Drupal
Drupal
added 2015/03/25 12:0 a.m.24 views

Webform Multiple File Upload - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-083

Webform Multiple File Upload module enables you to upload multiple files at once in webforms. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause a user with edit access to webforms to delete files by getting their browser to make a request to a...

6.8CVSS6.4AI score0.0074EPSS
Exploits0References9
Rows per page
Query Builder