
Files

Drupal FileField 6.x Access Bypass
Posted Feb 12, 2014
Authored by Stella Power | Site drupal.org

Drupal FileField third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | a2cbc690200652a7ecc5ae0451604ba76d7049ba9fc2eb6e4ed8837da45f799d

Related Files

Drupal RESTful Web Services unserialize() Remote Code Execution
Posted Mar 6, 2019
Authored by wvu, Charles FOL, Jasper Mattsson, Rotem Reiss | Site metasploit.com

This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable (albeit cached). Cached nodes can be exploited only once.

tags | exploit, web, php
advisories | CVE-2019-6340
SHA-256 | f0577a61447bee5c1e01e80e2168cbe148e2d1b04abd7c1f41da56482db6d02b
Drupal Drupalgeddon 2 Forms API Property Injection
Posted Apr 26, 2018
Authored by FireFart, wvu, Nixawk, a2u, Jasper Mattsson | Site metasploit.com

This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.

tags | exploit
advisories | CVE-2018-7600
SHA-256 | d8e06fe66e7a7c70257d472a150741719f1392fb6c548c25bee9d61d4f3a78cd
Drupal CODER Module Remote Command Execution
Posted Jul 26, 2016
Authored by Mehmet Ince, Nicky Bloor | Site metasploit.com

This Metasploit module exploits a Remote Command Execution vulnerability in Drupal CODER Module. Unauthenticated users can execute arbitrary commands under the context of the web server user. CODER module doesn't sufficiently validate user inputs in a script file that has the php extension. A malicious unauthenticated user can make requests directly to this file to execute arbitrary commands. The module does not need to be enabled for this to be exploited. This Metasploit module was tested against CODER 2.5 with a Drupal 7.5 installation on Ubuntu server.

tags | exploit, remote, web, arbitrary, php
systems | linux, ubuntu
SHA-256 | c2f68a1f88f2debe64ed7c3bfc2c1d55da4a489cfb8fa21f908ddcc48debacb0
Drupal RESTWS Module Remote PHP Code Execution
Posted Jul 21, 2016
Authored by Mehmet Ince, Devin Zuczek | Site metasploit.com

This Metasploit module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. RESTWS 2.x prior to 2.6 and 1.x prior to 1.7 versions are affected by this issue. This Metasploit module was tested against RESTWS 2.5 with a Drupal 7.5 installation on Ubuntu server.

tags | exploit, remote, web, arbitrary, php, code execution
systems | linux, ubuntu
SHA-256 | c6c0be3f72ff30a42cf8f8c8dcd4baa257f0bf6daac321668562e0a213562cb5
Drupal / WordPress Memory Exhaustion
Posted Dec 1, 2014
Authored by Javer Nieto, Andres Rojas

A vulnerability present in Drupal versions prior to 7.34 and WordPress versions prior to 4.0.1 allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service).

tags | exploit, denial of service
advisories | CVE-2014-9016, CVE-2014-9034
SHA-256 | 691c983b834cd1c1cc4abb9e799af2e45516125311bba33d60aa227a917ea11b
Drupal HTTP Parameter Key/Value SQL Injection
Posted Oct 18, 2014
Authored by Brandon Perry, Christian Mehlmauer, SektionEins | Site metasploit.com

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

tags | exploit, remote, web, shell, sql injection
advisories | CVE-2014-3704
SHA-256 | 59c783da21c64e0178897d8573702afbd579b90f368e1d6b75b500bd779f1e7d
Drupal 7.31 SQL Injection
Posted Oct 16, 2014
Authored by Stefan Horst

Drupal versions 7.0 through 7.31 suffer from a pre-authentication remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2014-3704
SHA-256 | f35969a96fc3edeea7c6ff6dae1ff02d6ed45becae3aa463f435daf8161a7cfc
Drupal Media 7.x Access Bypass
Posted Jan 9, 2014
Authored by Dave Reid, robearls | Site drupal.org

Drupal Media third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 788620c3b1096f9a618f78e9cf1d11b2d3bbac90e91288beb38628472691bed3
Drupal FileField Sources 6.x / 7.x Access Bypass
Posted Oct 30, 2013
Authored by Joseph Lee | Site drupal.org

Drupal FileField Sources third party module versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | c2a6873038096514898f156b6894638a36a0ea0f9ec50e33e715d4526442147e
Drupal Core 6.x / 7.x Information Disclosure
Posted Sep 5, 2013
Authored by Aaron Weiss | Site drupal.org

Drupal core versions 6.x and 7.x suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | d6b9175b4fe7d2cf479272239c936cb726c738b518c09e466fc28b3a4afc3d18
Drupal 6.x / 7.18 Information Disclosure
Posted Jan 2, 2013
Authored by KedAns-Dz

Drupal versions 6.x through 7.18 suffer from getimagesize() path and information disclosure vulnerabilities.

tags | exploit, vulnerability, info disclosure
SHA-256 | 34d3057e774046cc520c1382be17b13f86fced4961308ef915eed34cc0f4d906
Drupal FileField Sources 6.x / 7.x Cross Site Scripting
Posted Sep 20, 2012
Site drupal.org

Drupal FileField Sources third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 0646e1fe21f62ed1d52ec65355c19564768e53a5661aaf10d969102bf843370e
Drupal Advertisement 6.x Cross Site Scripting
Posted May 16, 2012
Authored by Andrew Berry | Site drupal.org

Drupal Advertisement third party module version 6.x suffers from cross site scripting and information disclosure vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure
SHA-256 | 40c8ec8f9df7dad38b0ad224dba92d7d02b70026bf96f514a6175e20c372358f
Drupal Ubercart Product Keys 6.x Access Bypass
Posted May 16, 2012
Authored by Daniel Glucksman | Site drupal.org

Drupal Ubercart Product Keys third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 63170eba807768a010da595df4dddb13c2785adc91ef336d17dba438e6e4529e
Drupal Take Control 6.x Cross Site Request Forgery
Posted May 10, 2012
Authored by Carl Wiedemann | Site drupal.org

Drupal Take Control third party module version 6.x suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 428d5b6520531f667f0acba061d8065b99422d711534fc15464d0b9a3b4484c0
Drupal Contact Forms 7.x Access Bypass
Posted May 10, 2012
Authored by Vlad D. | Site drupal.org

Drupal Contact Forms third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 36d9fe6ce102a37af9b9492b283c97f2a58c3c56ba899f58ed895476c8340d9a
Drupal Glossary 6.x Cross Site Scripting
Posted May 10, 2012
Authored by Dylan Wilder-Tack | Site drupal.org

Drupal Glossary third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | a47f36a7e495dfe126c617066ca5b1b54c1d5f7fbbb0d529e96938c7f61f65ba
Drupal cctags 6.x / 7.x Cross Site Scripting
Posted May 2, 2012
Authored by Michael Hess, Greg Knaddison | Site drupal.org

Drupal cctags third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 11ecbee9842079b4c09e2b8895b9e82e8b925e6afe795af24ad7e05b1025e56c
Drupal Glossify Internal Links Auto SEO 6.x Cross Site Scripting
Posted May 2, 2012
Authored by Andrei Turcanu | Site drupal.org

Drupal Glossify Internal Links Auto SEO third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 23a814bf3a31bf4c83ad7c8f343361d4794c4001adf51ccff631fe79bc2f5025
Drupal Taxonomy Grid 6.x Cross Site Scripting
Posted May 2, 2012
Authored by Dylan Tack | Site drupal.org

Drupal Taxonomy Grid third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | fbff5b269285635ebdc10ce14a8c7ce6b2926823f90e0bfe9d1188ccd2221fdf
Drupal Addressbook 6.x XSS / CSRF / SQL Injection
Posted May 2, 2012
Authored by Michael Hess | Site drupal.org

Drupal Addressbook third party module version 6.x suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 7994d736cf2e91b7252f62a8db4cd765bb6acd7196b0616a1b30cfe7d01070c4
Drupal Node Gallery 6.x Cross Site Request Forgery
Posted May 2, 2012
Authored by Andrew Berry | Site drupal.org

Drupal Node Gallery third party module version 6.x suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 8da028cf40bb77bea6c4ba79b38b8ffd73eb6ca126bfae05eed9608c401f9f8f
Drupal Linkit 7.x Access Bypass
Posted Apr 25, 2012
Authored by PAULAP | Site drupal.org

Drupal Linkit module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | efc81d938cddf7b5703159d40aae904f3759e7900541b5a8edcdd9c2d8882401
Drupal Spaces 6.x Access Bypass
Posted Apr 25, 2012
Authored by hefox | Site drupal.org

Drupal Spaces module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 347ac91feb7acc6375b733a9114268dd653f58fb484c9eedc306f8462aec4fd9
Drupal Site Documentation 6.x Information Disclosure
Posted Apr 25, 2012
Authored by Jakub Suchy | Site drupal.org

Drupal Site Documentation version 6.x suffers from an information disclosure vulnerability.

tags | advisory, info disclosure
SHA-256 | 4deadfa9ab12cae4f4a040ed36b5884ad4ff166adbf02566eb2e9c63746223a7