Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2011-016 - Node Quick Find - Information Disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-016
  • Project: Node Quick Find (third-party module)
  • Version: 6.x
  • Date: 2011-APRIL-06
  • Security risk: Not critical (definition of risk levels)
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2011-015 - Translation Management - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-015
  • Project: Translation Management (third-party module)
  • Version: 6.x
  • Date: 2011-March-30
  • Security risk: Critical (definition of risk levels)
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Cross Site Request Forgeries, SQL Injection

SA-CONTRIB-2011-014 - Webform Block - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-014
  • Project: Webform Block (third-party module)
  • Version: 6.x
  • Date: 2011-March-23
  • Security risk: Moderately critical (definition of risk levels)
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-013 - Tagadelic - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-013
  • Project: Tagadelic (third-party module)
  • Version: 6.x
  • Date: 2011-March-16
  • Security risk: Moderately Critical (definition of risk levels)
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-012 - Spaces - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-012
  • Project: Spaces (third-party module)
  • Version: 6.x
  • Date: 2011-March-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2011-011 - Secure Pages - Open redirect

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-011
  • Project: Secure Pages (third-party module)
  • Version: 6.x
  • Date: 2011-March-02
  • Security risk: Less Critical (definition of risk levels)
  • Exploitable from: Remote
  • Vulnerability: Open Redirection

SA-CONTRIB-2011-010 - Messaging - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-010
  • Project: Messaging (third-party module)
  • Version: 6.x
  • Date: 2011-February-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-009 - Droptor - SQL Injection

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-009
  • Project: Droptor (third-party module)
  • Version: 6.x
  • Date: 2011-February-02
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection

SA-CONTRIB-2011-008 - Chatroom - Cross Site Scripting (XSS) and Cross Site Request Forgery

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-008
  • Project: Chatroom (third-party module)
  • Version: 6.x
  • Date: 2011-February-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting and Cross Site Request Forgery

SA-CONTRIB-2011-007 - Userpoints Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2011-007
  • Project: Userpoints (third-party module)
  • Version: 6.x
  • Date: 2011-February-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects