Show advisories for only Drupal Core, only contributed projects, or only PSAs

Drupal core - Users can insert hidden text and links - PSA-2013-001

Date: 
2013-September-04
  • Advisory ID: PSA-2013-001
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2013-September-04
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure

SA-CONTRIB-2013-073 - Make Meeting Scheduler - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-073
  • Project: Make Meeting Scheduler (third-party module)
  • Version: 6.x
  • Date: 2013-September-04
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2013-072 - Node View Permissions - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-072
  • Project: Node View Permissions (third-party module)
  • Version: 7.x
  • Date: 2013-August-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2013-071 - Flag - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-071
  • Project: Flag (third-party module)
  • Version: 7.x
  • Date: 2013-August-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-070 - Zen - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-070
  • Project: Zen (third-party module)
  • Version: 7.x
  • Date: 2013-August-21
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2013-069 - Password Policy - XSS

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-069
  • Project: Password policy (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-August-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2013-068 - Entity API - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-068
  • Project: Entity API (third-party module)
  • Version: 7.x
  • Date: 2013-August-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2013-067 - BOTCHA - Information Disclosure (potential Privilege Escalation)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-067
  • Project: BOTCHA Spam Prevention (third-party module)
  • Version: 7.x
  • Date: 2013-August-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
Categories: Drupal 7.x

SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-066
  • Project: Monster Menus (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-August-07
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2013-065 - Organic Groups - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-065
  • Project: Organic groups (third-party module)
  • Version: 7.x
  • Date: 2013-August-07
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Multiple vulnerabilities
Categories: Drupal 7.x

Pages

Subscribe with RSS Subscribe to Security advisories