Security advisories for third-party projects that are not part of Drupal core - this includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2012-022 - CDN - Information disclosure

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-022
  • Project: CDN (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-February-15
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2012-021 - Organic Groups Vocab Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-021
  • Project: Organic Groups Vocabulary (third-party module)
  • Version: 6.x
  • Date: 2012-February-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2012-020 - Faster Permissions - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-020
  • Project: Faster Permissions (third-party module)
  • Version: 7.x
  • Date: 2012-February-15
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2012-019 - Link checker - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-019
  • Project: Link checker (third-party module)
  • Version: 6.x
  • Date: 2012-February-15
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2012-018 - Revisioning - Cross Site Scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-018
  • Project: Revisioning (third-party module)
  • Version: 6.x
  • Date: 2012-FEB-08
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-017 - Finder - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-017
  • Project: Finder (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-February-08
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Arbitrary PHP code execution, Multiple vulnerabilities

SA-CONTRIB-2012-016 - Forward module CSRF and Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-016
  • Project: Forward (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-February-01
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Cross Site Request Forgery

SA-CONTRIB-2012-015 - Managesite - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-015
  • Project: Managesite (third-party module)
  • Version: 6.x
  • Date: 2012-January-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-014 - Drupal Commerce - Cross Site Scripting (XSS)

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-014
  • Project: Drupal Commerce (third-party module)
  • Version: 7.x
  • Date: 2012-January-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-013 - Search Autocomplete - SQL Injection

  • Advisory ID: DRUPAL-SA-CONTRIB-2012-013
  • Project: Search Autocomplete (third-party module)
  • Version: 7.x
  • Date: 2012-January-25
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection

Pages

Subscribe with RSS Subscribe to Security advisories for contributed projects