Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2010-096 - Domain access - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-096
  • Project: Domain access (third-party module)
  • Version: 5.x, 6.x, 7.x
  • Date: 2010-September-22
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross-Site Scripting, Priviledge Escalation

SA-CONTRIB-2010-095 - Lightbox2 - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-095
  • Project: Lightbox2 (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-September-22
  • Security risk: Highly Critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass, Cross-Site Scripting

SA-CONTRIB-2010-094 - Embedded Media Field - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-094
  • Project: Embedded Media Field (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-September-22
  • Security risk: Moderately Critical Less Critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass

SA-CONTRIB-2010-093 - Advanced Taxonomy Blocks - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-093
  • Project: Advanced Taxonomy Blocks (third-party module)
  • Version: 6.x
  • Date: 2010-September-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2010-092 - Advanced Book Blocks - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-092
  • Project: Advanced Book Blocks (third-party module)
  • Version: 6.x
  • Date: 2010-September-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2010-091 - Mollom - Information Disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-091
  • Project: Mollom (third-party module)
  • Version: 6.x
  • Date: 2010-September-15
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

SA-CONTRIB-2010-090 - Yr Weatherdata - SQL Injection

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-090
  • Project: Yr Weatherdata (third-party module)
  • Version: 6.x
  • Date: 2010-September-08
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection

SA-CONTRIB-2010-089 - Simplenews Content Selection - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-089
  • Project: Simplenews content selection (third-party module)
  • Version: 6.x
  • Date: 2010-August-18
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-CONTRIB-2010-088 - Content Construction Kit (CCK) - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-088
  • Project: Content Construction Kit (CCK) (third-party module)
  • Version: 6.x
  • Date: 2010-August-11
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass

SA-CONTRIB-2010-087 - GovDelivery - Cross site scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-087
  • Project: GovDelivery Integration (third-party module)
  • Version: 6.x
  • Date: 2010-Aug-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects