Vulnerability & Exploit Database

Displaying entries 1 - 10 of 305 in total

Results for: drupal Back to search

Drupal: CVE-2018-14773: Symfony includes a risky HTTP header that allows access control bypass Vulnerability

  • Severity: 4
  • Published: August 03, 2018

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP req...

Alpine Linux: CVE-2018-7602: drupal7 Remote Code Execution Vulnerability

  • Severity: 8
  • Published: April 26, 2018

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. ...

Drupal: CVE-2018-7602: Remote Code Execution - SA-CORE-2018-004 Vulnerability

  • Severity: 8
  • Published: April 25, 2018

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. ...

Debian: CVE-2018-7602: drupal7 -- security update Vulnerability

  • Severity: 8
  • Published: April 25, 2018

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. ...

Drupal: CVE-2018-7600: Remote Code Execution - SA-CORE-2018-002 Vulnerability

  • Severity: 8
  • Published: March 29, 2018

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

Drupal: CVE-2017-6929: jQuery vulnerability with untrusted domains Vulnerability

  • Severity: 4
  • Published: March 01, 2018

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it ...