1. Reverse Engineering >
  2. Exploits >
  3. Drupal 4.7.5/5.0 comment_form_add_preview memory corruption


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Drupal 4.7.5/5.0 comment_form_add_preview memory corruption

RSS Kategorie Pfeil Exploits vom | Quelle: vuldb.com Direktlink öffnen

A vulnerability classified as critical was found in Drupal 4.7.5/5.0 (Content Management System). This vulnerability affects the function comment_form_add_preview. Upgrading to version 4.7.6 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability....

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Drupal 4.7.5/5.0 comment_form_add_preview memory corruption






Ähnliche Beiträge

  • 1. [SA-CORE-2019-004] Cross Site Scripting in the File module/subsystem vom 1184.53 Punkte ic_school_black_18dp
    Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability. Part of security release SA-CORE-2019-004 This vulnerability affects the following appl
  • 2. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1088.12 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 3. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1088.12 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 4. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1088.12 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 5. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1088.12 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 6. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 922.83 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 7. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 922.83 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 8. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 922.83 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 9. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 922.83 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 10. Injection in DefaultMailSystem::mail() vom 764.44 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0
  • 11. Injection in DefaultMailSystem::mail() vom 764.44 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0
  • 12. Injection in DefaultMailSystem::mail() vom 764.44 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0