Security advisories for contributed projects | Drupal.org

Show advisories for only Drupal core, only PSAs, or all security advisories

Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by community members.

SA-CONTRIB-2012-111 - Security Questions - Access Bypass

By Drupal Security Team on 11 Jul 2012 at 15:59 UTC

Advisory ID: SA-CONTRIB-2012-111
Project: Security Questions (third-party module)
Version: 6.x, 7.x
Date: 2012-July-11
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)

By Drupal Security Team on 11 Jul 2012 at 15:18 UTC

Advisory ID: SA-CONTRIB-2012-110
Project: Colorbox Node (third-party module)
Version: 7.x
Date: 2012-July-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-109 - Restrict node page view - Access bypass

By Drupal Security Team on 11 Jul 2012 at 15:06 UTC

Advisory ID: SA-CONTRIB-2012-109
Project: Restrict node page view (third-party module)
Version: 7.x
Date: 2012-July-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-108 - Drag & Drop Gallery - Arbitrary PHP code execution

By Drupal Security Team on 11 Jul 2012 at 14:50 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-108
Project: Drag & Drop Gallery (third-party module)
Version: 6.x
Date: 2012-July-11
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request Forgery, SQL Injection, Arbitrary PHP code execution

SA-CONTRIB-2012-107 - Search autocomplete - Access bypass

By Drupal Security Team on 11 Jul 2012 at 14:34 UTC

Advisory ID: SA-CONTRIB-2012-107
Project: Search Autocomplete (third-party module)
Version: 7.x
Date: 2012-July-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-106 - Listhandler - Access Bypass

By Drupal Security Team on 11 Jul 2012 at 14:31 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-106
Project: Listhandler (third-party module)
Version: 6.x
Date: 2012-July-11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-105 - Hashcash - Cross Site Scripting (XSS)

By Drupal Security Team on 27 Jun 2012 at 20:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-105
Project: Hashcash (third-party module)
Version: 6.x, 7.x
Date: 2012-June-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-104 - Privatemsg - Cross Site Scripting (XSS)

By Drupal Security Team on 20 Jun 2012 at 17:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-104
Project: Privatemsg (third-party module)
Version: 7.x
Date: 2012-June-20
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-103 - Global Redirect - Open Redirect

By Drupal Security Team on 13 Jun 2012 at 20:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-103
Project: Global Redirect (third-party module)
Version: 6.x, 7.x
Date: 2012-June-13
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Open Redirect

SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID

By Drupal Security Team on 13 Jun 2012 at 20:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-102
Project: Ubercart AJAX Cart (third-party module)
Version: 6.x
Date: 2012-June-13
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Information Disclosure

Pages

Subscribe with RSS