exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2014-3704

Status Candidate

Overview

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

Related Files

Mandriva Linux Security Advisory 2015-181
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-181 - Updated drupal packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-2983, CVE-2014-3704, CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022, CVE-2014-9015, CVE-2014-9016, CVE-2015-2559, CVE-2015-2749, CVE-2015-2750
SHA-256 | 4fece48fbf9967314d0f4f390197211e43659b51085e37d95cea8466124db95a
Drupal HTTP Parameter Key/Value SQL Injection
Posted Oct 18, 2014
Authored by Brandon Perry, Christian Mehlmauer, SektionEins | Site metasploit.com

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

tags | exploit, remote, web, shell, sql injection
advisories | CVE-2014-3704
SHA-256 | 59c783da21c64e0178897d8573702afbd579b90f368e1d6b75b500bd779f1e7d
Drupal 7.x SQL Injection
Posted Oct 17, 2014
Authored by Milan Kragujevic

Drupal Core versions 7.32 and below remote SQL injection exploit. Written in PHP.

tags | exploit, remote, php, sql injection
advisories | CVE-2014-3704
SHA-256 | 6a679975d4aedf7fae60ac5967b6a7a0f2df824c655818737129b9469834931c
Drupal Core 7.32 SQL Injection
Posted Oct 17, 2014
Authored by fyukyuk

Drupal Core versions 7.32 and below remote SQL injection exploit. Written in Python.

tags | exploit, remote, sql injection, python
advisories | CVE-2014-3704
SHA-256 | f2134892d4d8b5b802d94df2c65358a4666289ce2461ddd91028b87140992ab9
Debian Security Advisory 3051-1
Posted Oct 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3051-1 - Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.

tags | advisory, sql injection
systems | linux, debian
advisories | CVE-2014-3704
SHA-256 | b58ac7fafe37dea51b8061aebe0fc05e4f3aa3ce9d45c41142522595831636d3
Drupal 7.X SQL Injection
Posted Oct 16, 2014
Authored by Claudio Viviani

Drupal versions 7.0 through 7.31 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-3704
SHA-256 | 9334b6a6e29d21e0ca0b95e292aa9748f72a53b287557bce5063375a461b299e
Drupal 7.31 SQL Injection
Posted Oct 16, 2014
Authored by Stefan Horst

Drupal versions 7.0 through 7.31 suffer from a pre-authentication remote SQL injection vulnerability.

tags | advisory, remote, sql injection
advisories | CVE-2014-3704
SHA-256 | f35969a96fc3edeea7c6ff6dae1ff02d6ed45becae3aa463f435daf8161a7cfc
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close