1. Reverse Engineering >
  2. Exploits >
  3. Drupal up to 6.3 cross site request forgery


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Drupal up to 6.3 cross site request forgery

RSS Kategorie Pfeil Exploits vom | Quelle: vuldb.com Direktlink öffnen

A vulnerability was found in Drupal up to 6.3 (Content Management System). It has been declared as problematic. Affected by this vulnerability is some unknown functionality. Upgrading to version 5.7 eliminates this vulnerability. A possible mitigation has been published 2 weeks after the disclosure of the vulnerability....

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Drupal up to 6.3 cross site request forgery






Ähnliche Beiträge

  • 1. [SA-CORE-2019-004] Cross Site Scripting in the File module/subsystem vom 1177.39 Punkte ic_school_black_18dp
    Under certain circumstances the File module/subsystem allowed a malicious user to upload a file that could trigger a cross-site scripting (XSS) vulnerability. Part of security release SA-CORE-2019-004 This vulnerability affects the following appl
  • 2. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1077.5 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 3. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1077.5 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 4. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1077.5 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 5. [SA-CORE-2019-002] Arbitrary PHP code execution vom 1077.5 Punkte ic_school_black_18dp
    A remote code execution vulnerability existed in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) could be performing file operations on insufficiently validated u
  • 6. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 918.25 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 7. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 918.25 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 8. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 918.25 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 9. [SA-CORE-2018-001] JavaScript cross-site scripting prevention is incomplete vom 918.25 Punkte ic_school_black_18dp
    Drupal has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vul
  • 10. Injection in DefaultMailSystem::mail() vom 756.98 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0
  • 11. Injection in DefaultMailSystem::mail() vom 756.98 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0
  • 12. Injection in DefaultMailSystem::mail() vom 756.98 Punkte ic_school_black_18dp
    When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. Part of security release SA-CORE-2018-006 This vulnerability affects the following application versions: Drupal 7.0