Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2010-064 - Ubercart MIGS Payment Gateway - Web Parameter Tampering

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-064
  • Project: Ubercart MIGS Payment Gateway (third-party module)
  • Versions: 6.x
  • Date: 2010-Jun-16
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Web Parameter Tampering

SA-CONTRIB-2010-063 - Studio theme pack - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-063
  • Project: Studio theme pack (third-party theme)
  • Version: 6.x
  • Date: 2010-June-16
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-062 - Ogone | Ubercart payment - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-062
  • Project: Ogone | Ubercart payment (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-June-16
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass

SA-CONTRIB-2010-061 - AddonChat - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-061
  • Project: AddonChat (third-party module)
  • Version: 6.x-1.x
  • Date: 2010-May-26
  • Security risk: Highly Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple (Privilege Escalation, Cross-site scripting)

SA-CONTRIB-2010-060 - Scheduler - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-060
  • Project: Scheduler (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-May-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-059: Panels - Arbitrary PHP code execution

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-059
  • Project: Panels (third-party module)
  • Versions: 6.x
  • Date: 2010 May 19
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary PHP code execution

SA-CONTRIB-2010-058: Chaos tool suite - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-058
  • Project: Chaos tool suite (third-party module)
  • Versions: 6.x
  • Date: 2010 May 19
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2010-057 - Rotor Banner - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-057
  • Project: Rotor Banner (third-party module)
  • Versions: 6.x-2.x, 5.x-1.x
  • Date: 2010-May-19
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-056 - User Queue - Cross Site Request Forgery

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-056
  • Project: User Queue (third-party module)
  • Versions: 6.x
  • Date: 2010-May-19
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site Request Forgery

SA-CONTRIB-2010-055 - Simplenews - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-055
  • Project: Simplenews (third-party module)
  • Version: 6.x
  • Date: 2010-May-19
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects