HackDig : Dig high-quality web security articles for hackers

Drupal emergency updates fix critical arbitrary PHP code execution

Drupal has released emergency security updates to fix a critical flaw with known exploits that could allow for arbitrary PHP code execution. Drupal has released emergency security updates to address a critical vulnerability with known exploits that could be exploited to achieve arbitrary PHP code execution on some CMS versions. The Drupal project uses
Publish At:2020-11-27 21:42 | Read:65 | Comments:0 | Tags:Breaking News Hacking Security Drupal PHP code execution

Drupal addressed CVE-2020-13671 Remote Code Execution flaw

Drupal development team has released security updates to address a remote code execution flaw, tracked as CVE-2020-13671. The Drupal development team has released security updates to fix a remote code execution vulnerability related caused by the failure to properly sanitize the names of uploaded files. The vulnerability, tracked as CVE-2020-13671, has
Publish At:2020-11-19 14:48 | Read:169 | Comments:0 | Tags:Breaking News Security CMS Drupal Hacking hacking news infor

Drupal addressed XSS and information disclosure flaws

Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) flaws in the popular content management system (CMS). Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) vulnerabilities in the popular content management system (CMS). The most severe issue, tracked as CVE-2020-13668, is a
Publish At:2020-09-17 14:35 | Read:268 | Comments:0 | Tags:Breaking News Hacking Drupal hacking news information disclo

Drupal addresses critical code execution vulnerability

Drupal released security updates to patch several security issues, including a flaw that could allow an attacker to execute arbitrary PHP code. Drupal released security updates to address multiple security vulnerabilities, including a “critical” flaw tracked as CVE-2020-13664 that could be exploited by an attacker to execute arbitrary PHP code
Publish At:2020-06-18 12:28 | Read:577 | Comments:0 | Tags:Breaking News Hacking Security CSRF Drupal hacking news info

Top 10 most exploited vulnerabilities list released by FBI, DHS CISA

byLisa VaasWhen work-from-home became a sudden, urgent need in March, many organizations slapped together cloud-collaboration services such as Microsoft Office 365 for their newly locked-down staff.Unfortunately and understandably, pressure was high. People were scrambling. Thus did a number of those services get put together with a wing, a prayer, and misco
Publish At:2020-05-18 12:27 | Read:760 | Comments:0 | Tags:Malware Security threats Vulnerability .net Adobe Flash Apac

Drupal addresses two XSS flaws by updating the CKEditor

Drupal developers released security updates for versions 8.8.x and 8.7.x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x and 8.7.x that address two XSS vulnerabilities that affect the CKEditor library. CKEditor is the far superior successor of FCKeditor, it i
Publish At:2020-03-20 07:06 | Read:1057 | Comments:0 | Tags:Breaking News Security Drupal hacking news information secur

Drupal fixes the CVE-2017-6922 flaw exploited in spam campaigns in the wild

Drupal team released security updates to fix several vulnerabilities, including the critical access bypass flaw CVE-2017-6922 exploited in spam campaigns. The Drupal development team has released security updates to fix several vulnerabilities, including the critical access bypass flaw tracked as CVE-2017-6922 that has been exploited in spam campaigns. The C
Publish At:2017-06-23 07:05 | Read:4005 | Comments:0 | Tags:Breaking News Hacking CMS CVE-2017-6922 Cybercrime Drupal Pi

Critical vulnerability in Drupal References Module opens 120,000 Sites to hack

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS. The Drupal security team has discovered a critical vulnerability in a third-party module named References. The Drupal team published a Security advisory on April 12 informing its users of the critical flaw. The flaw has a hug
Publish At:2017-04-20 04:35 | Read:3857 | Comments:0 | Tags:Breaking News Hacking CMS Cybercrime Drupal References Modul

Drupal version 8.2.7 address multiple vulnerabilities in the current version of the popular CMS

Drupal development team has issued a new release of the popular content management system (CMS), Drupal version 8.2.7, that fixes multiple vulnerabilities. The Drupal development team has released the Drupal version 8.2.7 that addressed a number of vulnerabilities in the popular CMS. The list of flaws includes an access bypass issue, a cross-site request for
Publish At:2017-03-16 19:55 | Read:4919 | Comments:0 | Tags:Breaking News Hacking CMS Drupal Drupal version 8.2.7

Drupal releases security updates to fix four vulnerabilities in versions 7, 8

Drupal developers have released updates for versions 7 and 8 that fix security issues which could expose websites to cyber attacks. The Drupal development team has released security updates for versions 7 and 8. The updates fix security vulnerabilities that could expose websites running on the popular CMS and data they manage to security risks, including inf
Publish At:2016-11-18 11:05 | Read:4288 | Comments:0 | Tags:Breaking News Hacking Security cache poisoning Drupal patch

Security firm Sucuri analyzed tens of thousands of compromised websites

Security firm Sucuri published a detailed study, titled Hacked Website Report for 2016/Q2, on compromised websites on the Internet. According to the security expert Daniel Cid from Sucuri, at least 15,769 WordPress websites have been compromised this year. Sucuri has published a report, titled Hacked Website Report for 2016/Q2, related compromised websites o
Publish At:2016-09-26 16:40 | Read:4755 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Reports 15 769 Wor

Linux.Rex.1, a new Linux Trojan the creates a P2P Botnet

Security researchers discovered a new Linux Trojan dubbed Linux.Rex.1 that is capable of self-spreading and create a peer-to-peer botnet. A newly observed Linux Trojan is capable of self-spreading through infected websites and can recruit the infected machines into a peer-to-peer (P2P) botnet, Doctor Web researchers warn. Security researchers from the firm D
Publish At:2016-08-24 04:45 | Read:4764 | Comments:0 | Tags:Breaking News Cyber Crime Malware botnet CMS Cybercrime Drup

Drupalgeddon hits Warframe – nearly 800,000 gamers’ account details being sold on the net.

Are you a fan of Warframe?Is so, Digital Extremes, the company behind the popular online game for the XBox One, Playstation 4 and PC, has some bad news for you.Last week we were made aware of a potential web server breach that occurred in November 2014. At the time, we believed this to be a phishing scam as our account server was secure. After a thorough rev
Publish At:2016-07-21 14:15 | Read:3848 | Comments:0 | Tags:Featured Articles Security Awareness data breach Drupal Hack

Old CVE-2014-3704 flaw in Drupal still exploited in attacks

More than 19 months after its public disclosure the CVE-2014-3704 is still exploited in attacks against Drupal-based websites. It was October 2014, when Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that was affecting all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue. The patch issued by Drup
Publish At:2016-06-05 04:35 | Read:5683 | Comments:0 | Tags:Breaking News Cyber Crime Hacking CMS CVE-2014-3704 Cybercri

Unpatched Drupal flaws open websites to attacks

IOActive has uncovered a number of serious vulnerabilities affecting the Drupal CMS that could be exploited to completely takeover the vulnerable websites. A new vulnerability affecting Drupal could be exploited for code execution and database credentials theft (by Man-in-the-Middle), according to Fernando Arnaboldi, a senior
Publish At:2016-01-07 16:10 | Read:4446 | Comments:0 | Tags:Breaking News Hacking CMS CSRF Drupal man-in-the-middle

Tools