Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2013-015 - Manager Change for Organic Groups - Cross site scripting (XSS)

By Drupal Security Team on 13 Feb 2013 at 15:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-015
Project: Manager Change for Organic Groups (third-party module)
Version: 7.x
Date: 2013-February-13
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-014 - Drush Debian Packaging - Information Disclosure - Unsupported

By Drupal Security Team on 30 Jan 2013 at 17:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-014
Project: Drush Debian Packaging (third-party module)
Version: 7.x
Date: 2013-January-30
Security risk: Critical
Exploitable from: Local
Vulnerability: Information Disclosure

SA-CONTRIB-2013-013 - Boxes - Cross site scripting (XSS)

By Drupal Security Team on 30 Jan 2013 at 17:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-013
Project: Boxes (third-party module)
Version: 7.x
Date: 2013-January-30
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-012 - Google Authenticator login - Access Bypass

By Drupal Security Team on 30 Jan 2013 at 17:00 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-012
Project: Google Authenticator login (third-party module)
Version: 7.x
Date: 2013-January-30
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-011 - email2image - Access Bypass - Unsupported

By Drupal Security Team on 30 Jan 2013 at 16:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-011
Project: email2image (third-party module)
Version: 6.x
Date: 2013-January-30
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-010 - Search API sorts - Cross Site Scripting (XSS)

By Drupal Security Team on 23 Jan 2013 at 17:15 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-010
Project: Search API sorts (third-party module)
Version: 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-009 - Keyboard Shortcut Utility - Access Bypass - module unsupported

By Drupal Security Team on 23 Jan 2013 at 16:45 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-009
Project: Keyboard Shortcut Utility (third-party module)
Version: 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-008 - CurvyCorners - Cross Site Scripting (XSS) - module unsupported

By Drupal Security Team on 23 Jan 2013 at 16:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-008
Project: CurvyCorners (third-party module)
Version: 6.x, 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-007 User Relationships - Cross Site Scripting (XSS)

By Drupal Security Team on 23 Jan 2013 at 16:10 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-007
Project: User Relationships (third-party module)
Version: 6.x, 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-006 - Video - Arbitrary Code Execution

By Drupal Security Team on 23 Jan 2013 at 16:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-006
Project: Video (third-party module)
Version: 7.x
Date: 2013-January-23
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Arbitrary PHP code execution

Pages

Subscribe with RSS