
[SA-CORE-2020-012] Remote code execution



Drupal core did not properly sanitize certain filenames on uploaded files, which could lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.

This vulnerability affects the following application versions:

  • Drupal 7.0
  • Drupal 7.1
  • Drupal 7.2
  • Drupal 7.3
  • Drupal 7.4
  • Drupal 7.5
  • Drupal 7.6
  • Drupal 7.7
  • Drupal 7.8
  • Drupal 7.9
  • Drupal 7.10
  • Drupal 7.11
  • Drupal 7.12
  • Drupal 7.13
  • Drupal 7.14
  • Drupal 7.15
  • Drupal 7.16
  • Drupal 7.17
  • Drupal 7.18
  • Drupal 7.19
  • Drupal 7.20
  • Drupal 7.21
  • Drupal 7.22
  • Drupal 7.23
  • Drupal 7.24
  • Drupal 7.25
  • Drupal 7.26
  • Drupal 7.27
  • Drupal 7.28
  • Drupal 7.29
  • Drupal 7.30
  • Drupal 7.31
  • Drupal 7.32
  • Drupal 7.33
  • Drupal 7.34
  • Drupal 7.35
  • Drupal 7.36
  • Drupal 7.37
  • Drupal 7.38
  • Drupal 7.39
  • Drupal 7.40
  • Drupal 7.41
  • Drupal 7.42
  • Drupal 7.43
  • Drupal 7.44
  • Drupal 7.50
  • Drupal 7.51
  • Drupal 7.52
  • Drupal 7.53
  • Drupal 7.54
  • Drupal 7.55
  • Drupal 7.56
  • Drupal 7.57
  • Drupal 7.58
  • Drupal 7.59
  • Drupal 7.60
  • Drupal 7.61
  • Drupal 7.62
  • Drupal 7.63
  • Drupal 7.64
  • Drupal 7.65
  • Drupal 7.66
  • Drupal 7.67
  • Drupal 7.68
  • Drupal 7.69
  • Drupal 7.70
  • Drupal 7.71
  • Drupal 7.72
  • Drupal 7.73
  • Drupal 8.0.0
  • Drupal 8.0.1
  • Drupal 8.0.2
  • Drupal 8.0.3
  • Drupal 8.0.4
  • Drupal 8.0.5
  • Drupal 8.0.6
  • Drupal 8.1.0
  • Drupal 8.1.1
  • Drupal 8.1.2
  • Drupal 8.1.3
  • Drupal 8.1.4
  • Drupal 8.1.5
  • Drupal 8.1.6
  • Drupal 8.1.7
  • Drupal 8.1.8
  • Drupal 8.1.9
  • Drupal 8.1.10
  • Drupal 8.2.0
  • Drupal 8.2.1
  • Drupal 8.2.2
  • Drupal 8.2.3
  • Drupal 8.2.4
  • Drupal 8.2.5
  • Drupal 8.2.6
  • Drupal 8.2.7
  • Drupal 8.2.8
  • Drupal 8.3.0
  • Drupal 8.3.1
  • Drupal 8.3.2
  • Drupal 8.3.3
  • Drupal 8.3.4
  • Drupal 8.3.5
  • Drupal 8.3.6
  • Drupal 8.3.7
  • Drupal 8.3.8
  • Drupal 8.3.9
  • Drupal 8.4.0
  • Drupal 8.4.1
  • Drupal 8.4.2
  • Drupal 8.4.3
  • Drupal 8.4.4
  • Drupal 8.4.5
  • Drupal 8.4.6
  • Drupal 8.4.7
  • Drupal 8.4.8
  • Drupal 8.5.0
  • Drupal 8.5.1
  • Drupal 8.5.2
  • Drupal 8.5.3
  • Drupal 8.5.4
  • Drupal 8.5.5
  • Drupal 8.5.6
  • Drupal 8.5.7
  • Drupal 8.5.8
  • Drupal 8.5.9
  • Drupal 8.5.10
  • Drupal 8.5.11
  • Drupal 8.5.12
  • Drupal 8.5.13
  • Drupal 8.5.14
  • Drupal 8.5.15
  • Drupal 8.6.0
  • Drupal 8.6.1
  • Drupal 8.6.2
  • Drupal 8.6.3
  • Drupal 8.6.4
  • Drupal 8.6.5
  • Drupal 8.6.6
  • Drupal 8.6.7
  • Drupal 8.6.8
  • Drupal 8.6.9
  • Drupal 8.6.10
  • Drupal 8.6.11
  • Drupal 8.6.12
  • Drupal 8.6.13
  • Drupal 8.6.14
  • Drupal 8.6.15
  • Drupal 8.6.16
  • Drupal 8.6.17
  • Drupal 8.6.18
  • Drupal 8.7.0
  • Drupal 8.7.1
  • Drupal 8.7.2
  • Drupal 8.7.3
  • Drupal 8.7.4
  • Drupal 8.7.5
  • Drupal 8.7.6
  • Drupal 8.7.7
  • Drupal 8.7.8
  • Drupal 8.7.9
  • Drupal 8.7.10
  • Drupal 8.7.11
  • Drupal 8.7.12
  • Drupal 8.7.13
  • Drupal 8.7.14
  • Drupal 8.8.0
  • Drupal 8.8.1
  • Drupal 8.8.2
  • Drupal 8.8.3
  • Drupal 8.8.4
  • Drupal 8.8.5
  • Drupal 8.8.6
  • Drupal 8.8.7
  • Drupal 8.8.8
  • Drupal 8.8.9
  • Drupal 8.8.10
  • Drupal 8.9.0
  • Drupal 8.9.1
  • Drupal 8.9.2
  • Drupal 8.9.3
  • Drupal 8.9.4
  • Drupal 8.9.5
  • Drupal 8.9.6
  • Drupal 8.9.7
  • Drupal 8.9.8
  • Drupal 9.0.0
  • Drupal 9.0.1
  • Drupal 9.0.2
  • Drupal 9.0.3
  • Drupal 9.0.4
  • Drupal 9.0.5
  • Drupal 9.0.6
  • Drupal 9.0.7
...
https://portal.patchman.co/detections/rss/vulnerabilities/4263
