Security advisories for third-party projects that are not part of Drupal core. This includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2010-086 - Prepopulate - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-086
  • Project: Prepopulate (third-party module)
  • Version: 5.x and 6.x
  • Date: 2010-Aug-11
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass

SA-CONTRIB-2010-085 - Pathauto - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-085
  • Project: Pathauto (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-August-11
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-084 - OpenID - Authentication bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-084
  • Project: OpenID (third-party module)
  • Version: 5.x
  • Date: 2010-Aug-11
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Authentication bypass

SA-CONTRIB-2010-083 - Ubercart sub-modules - Multiple Vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-083
  • Project: UC2Checkout, UCPaypal, UC Cart Links (third-party modules in the Ubercart Project)
  • Version: 5.x, 6.x
  • Date: 2010-Aug-11
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access Bypass, Cross Site Request Forgery

SA-CONTRIB-2010-082 - Print - Local file read access

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-082
  • Project: Printer, e-mail and PDF versions (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-August-11
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Local file read access

SA-CONTRIB-2010-081 - FileField Sources - Arbitrary Code Execution

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-081
  • Project: FileField Sources (third-party module)
  • Version: 6.x
  • Date: 2010-August-11
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary Code Execution

SA-CONTRIB-2010-080 - Privatemsg - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-080
  • Project: Privatemsg (third-party module)
  • Version: 6.x
  • Date: 2010-August-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-Site Scripting

SA-CONTRIB-2010-079 - Devel (Performance logging) - Cross Site Scripting

  • Advisory ID: SA-CONTRIB-2010-079
  • Project: Devel (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-Aug-04
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-078 - Kaltura - Information disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-078
  • Project: Kaltura (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2010-July-28
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Information disclosure

SA-CONTRIB-2010-077 - Sage Pay (former Protx) Direct Payment Gateway for Ubercart - Information Disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2010-077
  • Project: Sage Pay Direct Payment Gateway for Ubercart (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-July-28
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
