Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2010-082 - Print - Local file read access

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-082
  • Project: Printer, e-mail and PDF versions (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-August-11
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Local file read access

SA-CONTRIB-2010-081 - FileField Sources - Arbitrary Code Execution

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-081
  • Project: FileField Sources (third-party module)
  • Version: 6.x
  • Date: 2010-August-11
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary Code Execution

SA-CONTRIB-2010-080 - Privatemsg - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-080
  • Project: Privatemsg (third-party module)
  • Version: 6.x
  • Date: 2010-August-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-Site Scripting

SA-CONTRIB-2010-079 - Devel (Performance logging) - Cross Site Scripting

  • Advisory ID: SA-CONTRIB-2010-079
  • Project: Devel (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-Aug-04
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-078 - Kaltura - Information disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-078
  • Project: Kaltura (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2010-July-28
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Information disclosure

SA-CONTRIB-2010-077 - Sage Pay (former Protx) Direct Payment Gateway for Ubercart - Information Disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-077
  • Project: Sage Pay Direct Payment Gateway for Ubercart (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-July-28
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

SA-CONTRIB-2010-076 - Dashboard - Cross Site Scripting (CSS)

  • Advisory ID: SA-CONTRIB-2010-076
  • Project: Dashboard (third-party module)
  • Version: 6.x
  • Date: 2010-July-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB 2010-075 - Tagging - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-075
  • Project: Tagging (third-party module)
  • Version: 6.x
  • Date: 2010-July 21
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-074 - Drupad - Cross-site request forgery

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-074
  • Projects: Drupad (third-party module)
  • Version: 6.x
  • Date: 2010-07-14
  • Security risks: Critical
  • Exploitable from: Remote
  • Vulnerability: CSRF

SA-CONTRIB-2010-073 - Multiple Vulnerabilities In Multiple Contributed Modules

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-073
  • Projects: Multiple third party modules - Simple Gallery, OG Menu, Tell A Friend Node, JsMath For Displaying Mathematics With TeX
  • Version: 5.x, 6.x
  • Date: 2010-July-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple (Cross Site Scripting, Email Header Injection)

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects