1. Reverse Engineering >
  2. Exploits >
  3. Drupal 6.0/6.1/6.2/6.3 cross site request forgery


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Drupal 6.0/6.1/6.2/6.3 cross site request forgery

RSS Kategorie Pfeil Exploits vom | Quelle: vuldb.com Direktlink öffnen

A vulnerability was found in Drupal 6.0/6.1/6.2/6.3 (Content Management System). It has been rated as problematic. Affected by this issue is an unknown part. Upgrading to version 6.1 eliminates this vulnerability. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability....

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Drupal 6.0/6.1/6.2/6.3 cross site request forgery






Ähnliche Beiträge

  • 1. [SA-CORE-2019-004] Cross Site Scripting in the File module/subsystem vom 1177.36 Punkte ic_school_black_18dp
    Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability. Part of security release SA-CORE-2019-004 This vulnerability affects the following appl
  • 2. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1077.47 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 3. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1077.47 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 4. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1077.47 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 5. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1077.47 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 6. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 918.22 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 7. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 918.22 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 8. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 918.22 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 9. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 918.22 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 10. Injection in DefaultMailSystem::mail() vom 756.96 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0
  • 11. Injection in DefaultMailSystem::mail() vom 756.96 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0
  • 12. Injection in DefaultMailSystem::mail() vom 756.96 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0