Twenty Year Anniversary
Showing 1 - 7 of 7 RSS Feed

CVE-2014-3704

Status Candidate

Overview

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Related Files

Mandriva Linux Security Advisory 2015-181
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-181 - Updated drupal packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-2983, CVE-2014-3704, CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022, CVE-2014-9015, CVE-2014-9016, CVE-2015-2559, CVE-2015-2749, CVE-2015-2750
MD5 | 0240fabab23e9a0a598709267a074bb3
Drupal HTTP Parameter Key/Value SQL Injection
Posted Oct 18, 2014
Authored by Brandon Perry, Christian Mehlmauer, SektionEins | Site metasploit.com

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

tags | exploit, remote, web, shell, sql injection
advisories | CVE-2014-3704
MD5 | a8306d84d19d3095b312666b206546a1
Drupal 7.x SQL Injection
Posted Oct 17, 2014
Authored by Milan Kragujevic

Drupal Core versions 7.32 and below remote SQL injection exploit. Written in PHP.

tags | exploit, remote, php, sql injection
advisories | CVE-2014-3704
MD5 | 4374a49993ddf148ef027f0be432f32c
Drupal Core 7.32 SQL Injection
Posted Oct 17, 2014
Authored by fyukyuk

Drupal Core versions 7.32 and below remote SQL injection exploit. Written in Python.

tags | exploit, remote, sql injection, python
advisories | CVE-2014-3704
MD5 | 1e5dc71fd7b0abe1041c10cd3b5d6936
Debian Security Advisory 3051-1
Posted Oct 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3051-1 - Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.

tags | advisory, sql injection
systems | linux, debian
advisories | CVE-2014-3704
MD5 | 699b6ce677aa0c81fbfe82879530da48
Drupal 7.X SQL Injection
Posted Oct 16, 2014
Authored by Claudio Viviani

Drupal versions 7.0 through 7.31 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3704
MD5 | 8244a1135ddb4e99909b9a3e3d2bce43
Drupal 7.31 SQL Injection
Posted Oct 16, 2014
Authored by Stefan Horst

Drupal versions 7.0 through 7.31 suffer from a pre-authentication remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2014-3704
MD5 | dc7a6339ae60c1eec1fa92e072331db4
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    7 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    40 Files
  • 23
    May 23rd
    61 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close