Drupal Creative Commons module version 6.x suffers from a cross site scripting vulnerability.
This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable (albeit cached). Cached nodes can be exploited only once.
This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.
This Metasploit module exploits a remote command execution vulnerability in the Drupal CODER module. Unauthenticated users can execute arbitrary commands in the context of the web server user. The CODER module doesn't sufficiently validate user input in a script file that has the php extension. A malicious unauthenticated user can make requests directly to this file to execute arbitrary commands. The module does not need to be enabled for this to be exploited. This Metasploit module was tested against CODER 2.5 with a Drupal 7.5 installation on Ubuntu server.
This Metasploit module exploits a remote PHP code execution vulnerability in the Drupal RESTWS module. Unauthenticated users can execute arbitrary code in the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. RESTWS 2.x versions prior to 2.6 and 1.x versions prior to 1.7 are affected by this issue. This Metasploit module was tested against RESTWS 2.5 with a Drupal 7.5 installation on Ubuntu server.
A vulnerability present in Drupal versions prior to 7.34 and WordPress versions prior to 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).
This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (the issue was fixed in 7.32).
Drupal versions 7.0 through 7.31 suffer from a pre-authentication remote SQL injection vulnerability.
Drupal Media third party module version 7.x suffers from an access bypass vulnerability.
Drupal core versions 6.x and 7.x suffer from an information disclosure vulnerability.
Drupal Creative Theme third party theme version 7.x suffers from a cross site scripting vulnerability.
Drupal versions 6.x through 7.18 suffer from getimagesize() path and information disclosure vulnerabilities.
Drupal Hostmaster third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.
Drupal Post Affiliate Pro third party module version 6.x suffers from access bypass and cross site scripting vulnerabilities.
Drupal Smart Breadcrumb third party module version 6.x suffers from a cross site scripting vulnerability.
Drupal Advertisement third party module version 6.x suffers from cross site scripting and information disclosure vulnerabilities.
Drupal Ubercart Product Keys third party module version 6.x suffers from an access bypass vulnerability.
Drupal Take Control third party module version 6.x suffers from a cross site request forgery vulnerability.
Drupal Contact Forms third party module version 7.x suffers from an access bypass vulnerability.
Drupal Glossary third party module version 6.x suffers from a cross site scripting vulnerability.
Drupal cctags third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.
Drupal Glossify Internal Links Auto SEO third party module version 6.x suffers from a cross site scripting vulnerability.
Drupal Taxonomy Grid third party module version 6.x suffers from a cross site scripting vulnerability.
Drupal Addressbook third party module version 6.x suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Drupal Node Gallery third party module version 6.x suffers from a cross site request forgery vulnerability.
Drupal Linkit module version 7.x suffers from an access bypass vulnerability.