Drupal prior to 7.58, 8.x prior to 8.3.9, 8.4.x prior to 8.4.6, and 8.5.x prior to 8.5.1 allows remote malicious users to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
Update, update, update. Plus: Flash, Struts, Drupal also make appearances Sadly, 111 in this story isn't binary. It's decimal. It's the number of security fixes emitted by Microsoft this week
Vulnerabilities in Microsoft Windows, Office, and Windows Server, for which patches have been available for years, continue to be the favorite target for hackers looking to spread malware. A list posted by US-CERT this week rattles off the 10 most oft-targeted security vulnerabilities during the past three years, and finds that, shock horror, for the most part, keeping up with patching will keep you safe. Microsoft ranks highly in the list because its software is widely used, and provides the mo...
Website building biz warns exploit may come in hours BDSM sex rocks Drupal world: Top dev banished for sci-fi hanky-panky
Anyone running a website built with Drupal should stop whatever they are doing right now and install critical security patches. The organization behind the open-source software today put out an urgent security patch to address a remote code execution vulnerability in "multiple subsystems" of its content management system software. The holes could allow hackers to attack a Drupal-powered website in a number of different ways and that "could result in the site being completely compromised." In oth...