Files

Drupal Contact Save 6.x Cross Site Scripting
Posted Mar 29, 2012
Authored by Stella Power | Site drupal.org

The Drupal Contact Save module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 4f3ea4adabb18907ffc82b631487d5e06d8fd821187f9b3c6847ab996799d1e6

Related Files

Drupal RESTful Web Services unserialize() Remote Code Execution
Posted Mar 6, 2019
Authored by wvu, Charles FOL, Jasper Mattsson, Rotem Reiss | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable (albeit cached). Cached nodes can be exploited only once.

tags | exploit, web, php
advisories | CVE-2019-6340
SHA-256 | f0577a61447bee5c1e01e80e2168cbe148e2d1b04abd7c1f41da56482db6d02b
Drupal Drupalgeddon 2 Forms API Property Injection
Posted Apr 26, 2018
Authored by FireFart, wvu, Nixawk, a2u, Jasper Mattsson | Site metasploit.com

This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.

tags | exploit
advisories | CVE-2018-7600
SHA-256 | d8e06fe66e7a7c70257d472a150741719f1392fb6c548c25bee9d61d4f3a78cd
Debian Security Advisory 4123-1
Posted Feb 24, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4123-1 - Multiple vulnerabilities have been found in the Drupal content management framework.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 7599433179ec5ad563e391e5a5537668a83a04123eed412d7bfe4ce04bc0f167
Drupal CODER Module Remote Command Execution
Posted Jul 26, 2016
Authored by Mehmet Ince, Nicky Bloor | Site metasploit.com

This Metasploit module exploits a Remote Command Execution vulnerability in Drupal CODER Module. Unauthenticated users can execute arbitrary commands under the context of the web server user. The CODER module doesn't sufficiently validate user inputs in a script file that has the php extension. A malicious unauthenticated user can make requests directly to this file to execute arbitrary commands. The module does not need to be enabled for this to be exploited. This Metasploit module was tested against CODER 2.5 with Drupal 7.5 installation on Ubuntu server.

tags | exploit, remote, web, arbitrary, php
systems | linux, ubuntu
SHA-256 | c2f68a1f88f2debe64ed7c3bfc2c1d55da4a489cfb8fa21f908ddcc48debacb0
Drupal RESTWS Module Remote PHP Code Execution
Posted Jul 21, 2016
Authored by Mehmet Ince, Devin Zuczek | Site metasploit.com

This Metasploit module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. RESTWS 2.x prior to 2.6 and 1.x prior to 1.7 versions are affected by this issue. This Metasploit module was tested against RESTWS 2.5 with Drupal 7.5 installation on Ubuntu server.

tags | exploit, remote, web, arbitrary, php, code execution
systems | linux, ubuntu
SHA-256 | c6c0be3f72ff30a42cf8f8c8dcd4baa257f0bf6daac321668562e0a213562cb5
Debian Security Advisory 3604-1
Posted Jun 17, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3604-1 - A privilege escalation vulnerability has been found in the User module of the Drupal content management framework.

tags | advisory
systems | linux, debian
SHA-256 | 8f79d23f66f6e046a4caf4392ad8e9054d091240e38bd46fc6c498783c860d7c
Debian Security Advisory 3498-1
Posted Feb 29, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3498-1 - Multiple security vulnerabilities have been found in the Drupal content management framework.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | d05d759600212f327451853cf50f35c896fca22c35d1590b3a6cb5d8b118e93b
Debian Security Advisory 3200-1
Posted Mar 23, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3200-1 - Multiple vulnerabilities have been found in the Drupal content management framework.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-2559
SHA-256 | a5762218d705df594d18221d639a29bd5c5b1bcf466aa1154783cad00ccadb0b
Drupal / WordPress Memory Exhaustion
Posted Dec 1, 2014
Authored by Javer Nieto, Andres Rojas

A vulnerability present in Drupal versions prior to 7.34 and WordPress versions prior to 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).

tags | exploit, denial of service
advisories | CVE-2014-9016, CVE-2014-9034
SHA-256 | 691c983b834cd1c1cc4abb9e799af2e45516125311bba33d60aa227a917ea11b
Drupal HTTP Parameter Key/Value SQL Injection
Posted Oct 18, 2014
Authored by Brandon Perry, Christian Mehlmauer, SektionEins | Site metasploit.com

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

tags | exploit, remote, web, shell, sql injection
advisories | CVE-2014-3704
SHA-256 | 59c783da21c64e0178897d8573702afbd579b90f368e1d6b75b500bd779f1e7d
Drupal 7.31 SQL Injection
Posted Oct 16, 2014
Authored by Stefan Horst

Drupal versions 7.0 through 7.31 suffer from a pre-authentication remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2014-3704
SHA-256 | f35969a96fc3edeea7c6ff6dae1ff02d6ed45becae3aa463f435daf8161a7cfc
Debian Security Advisory 2983-1
Posted Jul 21, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2983-1 - Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting.

tags | advisory, denial of service, xss
systems | linux, debian
SHA-256 | 938dadbb8de11e8c9f694b1d0aa220d43066d093cbf3007b9fcf5251f03c8315
Drupal Media 7.x Access Bypass
Posted Jan 9, 2014
Authored by Dave Reid, robearls | Site drupal.org

Drupal Media third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 788620c3b1096f9a618f78e9cf1d11b2d3bbac90e91288beb38628472691bed3
Debian Security Advisory 2776-1
Posted Oct 11, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2776-1 - Multiple vulnerabilities have been fixed in the Drupal content management framework, resulting in information disclosure, insufficient validation, cross-site scripting and cross-site request forgery.

tags | advisory, vulnerability, xss, info disclosure, csrf
systems | linux, debian
advisories | CVE-2012-0825, CVE-2012-0826, CVE-2012-5651, CVE-2012-5652, CVE-2012-5653, CVE-2013-0244, CVE-2013-0245
SHA-256 | 45a72bfd68d855596936144a4be64a54d8096cdaf8020e5dd7667dc60a77524e
Drupal Core 6.x / 7.x Information Disclosure
Posted Sep 5, 2013
Authored by Aaron Weiss | Site drupal.org

Drupal core versions 6.x and 7.x suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | d6b9175b4fe7d2cf479272239c936cb726c738b518c09e466fc28b3a4afc3d18
Drupal 6.x / 7.18 Information Disclosure
Posted Jan 2, 2013
Authored by KedAns-Dz

Drupal versions 6.x through 7.18 suffer from getimagesize() path and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | 34d3057e774046cc520c1382be17b13f86fced4961308ef915eed34cc0f4d906
Drupal Linkit 7.x Access Bypass
Posted Apr 25, 2012
Authored by PAULAP | Site drupal.org

Drupal Linkit module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | efc81d938cddf7b5703159d40aae904f3759e7900541b5a8edcdd9c2d8882401
Drupal Spaces 6.x Access Bypass
Posted Apr 25, 2012
Authored by hefox | Site drupal.org

Drupal Spaces module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 347ac91feb7acc6375b733a9114268dd653f58fb484c9eedc306f8462aec4fd9
Drupal Site Documentation 6.x Information Disclosure
Posted Apr 25, 2012
Authored by Jakub Suchy | Site drupal.org

Drupal Site Documentation version 6.x suffers from an information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | 4deadfa9ab12cae4f4a040ed36b5884ad4ff166adbf02566eb2e9c63746223a7
Drupal Ubercart 6.x / 7.x XSS / PHP Code Execution
Posted Apr 25, 2012
Authored by Shaun Dychko, Dave Long, Lee Rowlands | Site drupal.org

Drupal Ubercart module versions 6.x and 7.x suffer from code execution and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
SHA-256 | 8ad5e51b2e8211b46a86fd0884c4432816a13267ddf774999bf5b42ae172622a
Drupal RealName 6.x Cross Site Scripting
Posted Apr 25, 2012
Authored by Gabor Szanto, Dave Reid | Site drupal.org

Drupal RealName module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | ac32848d9a2bea11a8b9268c408786c21c6630e8ea7f32e8da717fb8ab2000c7
Drupal Creative Commons 6.x Cross Site Scripting
Posted Apr 25, 2012
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Creative Commons module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | cd7543b39866fa90a05ae4e94480fc308d2a02154efdb0ede21f8750010f1192
Drupal Gigya - Social Optimization 6.x Cross Site Scripting
Posted Apr 18, 2012
Authored by Marek Lyczba | Site drupal.org

Drupal Gigya - Social Optimization module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 5a648a49dcc4b4ce0da4b05ec58974c85fa9e0ade6360de5d89dc1e0ef413307
Drupal Commerce Reorder 7.x Cross Site Request Forgery
Posted Apr 18, 2012
Authored by Ivo Van Geertruyen | Site drupal.org

Drupal Commerce Reorder module version 7.x suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | e864c23fc70ff39f1ecdb1cc5443132330a3c198903dbbc639d16efcfe4c0520
Drupal Autosave 6.x / 7.x Cross Site Request Forgery
Posted Apr 12, 2012
Authored by Ryan Jud Hughes | Site drupal.org

The Drupal Autosave module versions 6.x and 7.x suffer from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | a5010955517768867cfa38f156ec8127f1676c81935ed688afd452e6df38d04e