Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-2007-030 - Drupal Core - API handling of unpublished comment.

By heine on
  • Advisory ID: DRUPAL-SA-2007-030
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 4.7.x, Drupal 5.x

SA-2007-029 - Drupal core - User deletion cross site request forgery

By heine on
  • Advisory ID: DRUPAL-SA-2007-029
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery
Categories: Drupal 5.x

SA-2007-027 - Token - Cross site scripting

By heine on
  • Advisory ID: DRUPAL-SA-2007-027
  • Project: Several Modules That Use Token module
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2007-028 - Weblinks - Cross site scripting

By heine on
  • Advisory ID: DRUPAL-SA-2007-028
  • Project: Weblinks (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2007-026 - Drupal Core - Cross site scripting via uploads

By heine on
  • Advisory ID: DRUPAL-SA-2007-026
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting
Categories: Drupal 4.7.x, Drupal 5.x

SA-2007-025 - Drupal core - Arbitrary code execution via installer.

By heine on
  • Advisory ID: DRUPAL-SA-2007-025
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution
Categories: Drupal 5.x

SA-2007-024 - Drupal Core - HTTP response splitting

By heine on
  • Advisory ID: DRUPAL-SA-2007-024
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: HTTP response splitting
Categories: Drupal 4.7.x, Drupal 5.x

PHP exploit using Drupal circulating - PSA-2007-001

Date: 
2007-October-17
  • Project: PHP
  • Version: PHP 4 < 4.4.3, PHP 5 < 5.1.4
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: unset() hash / index collision exploit using Drupal (CVE-2006-3017)

Description

SA-2007-022 - Boost - file overwrite

By bjaspan on
  • Advisory ID: DRUPAL-SA-2007-022.
  • Project: Boost (third-party module)
  • Version: 4.7.x-1.*, 5.x-0.*
  • Date: 2007-10-03
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Filesystem overwrite

SA-2007-021: Project issue tracking - XSS vulnerabilities in subscription forms.

By hunmonk on
  • Advisory ID: DRUPAL-SA-2007-021.
  • Project: Project issue tracking (third-party module)
  • Version: 4.7.x-1.x, 4.7.x-2.x, 5.x-1.x
  • Date: 2007-Sep-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

Pages

Subscribe with RSS Subscribe to Security advisories