Pierluigi Paganini
July 25, 2022
Drupal development team released security updates to fix multiple issues, including a critical code execution flaw. Drupal developers have released security updates to address multiple vulnerabilities in the popular CMS: Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2022-015 Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2022-014 Drupal core – Moderately […]
Pierluigi Paganini
January 22, 2021
Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library. The PEAR Archive_Tar class provides handling of tar files in PHP. It supports creating, listing, extracting, and adding […]
Pierluigi Paganini
November 27, 2020
Drupal has released emergency security updates to fix a critical flaw with known exploits that could allow for arbitrary PHP code execution. Drupal has released emergency security updates to address a critical vulnerability with known exploits that could be exploited to achieve arbitrary PHP code execution on some CMS versions. The Drupal project uses the PEAR […]
Pierluigi Paganini
November 19, 2020
Drupal development team has released security updates to address a remote code execution flaw, tracked as CVE-2020-13671. The Drupal development team has released security updates to fix a remote code execution vulnerability related caused by the failure to properly sanitize the names of uploaded files. The vulnerability, tracked as CVE-2020-13671, has been classified as critical […]
Pierluigi Paganini
November 11, 2020
Muhstik botnet leverages known web application exploits to compromise IoT devices, now it targeting Oracle WebLogic, Drupal. Muhstik is a botnet that is known to use web application exploits to compromise IoT devices, it has been around for at least 2018. Botnet operators monetize their efforts via XMRig, combined with DDoS-for-hire services. The botnet leverages IRC servers for command-and-control […]
Pierluigi Paganini
September 17, 2020
Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) flaws in the popular content management system (CMS). Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) vulnerabilities in the popular content management system (CMS). The most severe issue, tracked as CVE-2020-13668, is a critical reflected XSS issue affecting Drupal 8 and 9. Let’s remind that Drupal uses […]
Pierluigi Paganini
June 18, 2020
Drupal released security updates to patch several security issues, including a flaw that could allow an attacker to execute arbitrary PHP code. Drupal released security updates to address multiple security vulnerabilities, including a “critical” flaw tracked as CVE-2020-13664 that could be exploited by an attacker to execute arbitrary PHP code. The CVE-2020-13664 flaw affects both […]
Pierluigi Paganini
March 20, 2020
Drupal developers released security updates for versions 8.8.x and 8.7.x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x and 8.7.x that address two XSS vulnerabilities that affect the CKEditor library. CKEditor is the far superior successor of FCKeditor, it is a popular, highly […]
Pierluigi Paganini
July 18, 2019
Drupal developers urge users to update their installs to version 8.7.5, which addresses the CVE-2019-6342 flaw that allows hackers to take control of Drupal 8 sites. Drupal developers informed users that version 8.7.4 is affected by a critical flaw, tracked as CVE-2019-6342, that could be exploited by attackers to take control of Drupal 8 websites. […]
Pierluigi Paganini
April 18, 2019
The developers of the Symfony PHP web application framework released updates that patch five vulnerabilities, three affecting the Drupal CMS. The development team of the Symfony PHP web application framework released security updates for five issues, three of which also affects Drupal 7 and 8. The developers of the Symfony PHP web application framework addressed […]
