Drupal AWTNF 6.x / 7.x Access Bypass
View online: http://drupal.org/node/1972976 * Advisory ID: DRUPAL-SA-CONTRIB-2013-045 * Project: Autocomplete Widgets for Text and Number Fields [1] (third-party module) * Version: 6.x, 7.x * Date:...
View ArticleDrupal elFinder File Mapper 6.x / 7.x CSRF
View online: http://drupal.org/node/1972942 * Advisory ID: DRUPAL-SA-CONTRIB-2013-044 * Project: elFinder file manager [1] (third-party module) * Version: 6.x, 7.x * Date: 2013-April-17 * Security...
View ArticleWordPress VideoJS multiple themes vulnerabilities
------------------------- Affected products: ------------------------- All versions of Covert VideoPress, Photolio, Source, Smartstart and Crius themes. Vulnerable are web applications which...
View ArticleDrupal CMS 7.12 Multiple Vulnerabilities
# Exploit Title : Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities # Date : 02-03-2012 # Author : Ivano Binetti (http://ivanobinetti.com) # Software link :...
View ArticleDrupal 6.x/7.x Google Authenticator login Access Bypass
Advisory ID: DRUPAL-SA-CONTRIB-2013-047 Project: Google Authenticator login (third-party module) Version: 6.x, 7.x Date: 2013-May-15 Security risk: Moderately critical Exploitable from: Remote...
View ArticleDrupal 7.22 / 6.28 Cross Site Scripting
NB: Before anyone gets their panties in a twist read the whole disclosure, this isn't the end of the world, sky-is-falling vulnerability you might be looking for, but I do believe it is serious. TLDR:...
View ArticleDrupal 7.26 Custom Search 7.x-1.13 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vulnerability Report Author: Justin C. Klein Keane <justin@madirish.net> Reported: 19 Feb, 2014 Description of Vulnerability: -...
View ArticleDrupal Flag 7.x-3.5 Command Execution
Drupal Flag 7.x-3.5 Module Vulnerability Report Author: Ubani Anthony Balogun <ubani@sas.upenn.edu> Reported: May 07, 2014 Module Description: - ------------------- Flag is a flexible...
View ArticleDrupal 5 / 6 / 7 Cross Site Scripting
Hi, There is a persistent XSS in Drupal versions 5.x, 6.x and 7.x ( I have not yet tested Drupal 8.x due to not being fully released ). The function which is vulnerable is the watchdog() function,...
View ArticleDrupal 7.X SQL Injection
#!/usr/bin/python # # # Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 # Inspired by yukyuk's P.o.C (https://www.reddit.com/user/fyukyuk) # # Tested on Drupal 7.31...
View ArticleDrupal Core 7.32 SQL Injection (PHP Version)
<?php #-----------------------------------------------------------------------------# # Exploit Title: Drupal core 7.x - SQL Injection # # Date: Oct 16 2014 # # Exploit Author: Dustin Dörr # #...
View ArticleDrupal Core 7.32 SQL Injection (python Version)
#Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 #Creditz to https://www.reddit.com/user/fyukyuk import urllib2,sys from drupalpass import DrupalHash #...
View ArticleClik here to view.
Millions of websites hit by Drupal hack attack
Up to 12 million websites may have been compromised by attackers who took advantage of a bug in the widely used Drupal software. The sites use Drupal to manage web content and images, text and video....
View ArticleDrupal 7 Videowhisper Cross Site Scripting
Hello, Cross Site Scripting (XSS) vulnerability exists in videowhisper module for Drupal 7. Vendor Notification: 22, Oct 2014 Vulnerable file:...
View ArticleDrupal Memory Exhaustion
==================================================================== DESCRIPTION: ==================================================================== A vulnerability present in Drupal < 7.34...
View Article
