Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2011-010 - Messaging - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-010
  • Project: Messaging (third-party module)
  • Version: 6.x
  • Date: 2011-February-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2011-009 - Droptor - SQL Injection

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-009
  • Project: Droptor (third-party module)
  • Version: 6.x
  • Date: 2011-February-02
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection
Categories: Drupal 6.x

SA-CONTRIB-2011-008 - Chatroom - Cross Site Scripting (XSS) and Cross Site Request Forgery

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-008
  • Project: Chatroom (third-party module)
  • Version: 6.x
  • Date: 2011-February-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting and Cross Site Request Forgery
Categories: Drupal 6.x

SA-CONTRIB-2011-007 - Userpoints Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-007
  • Project: Userpoints (third-party module)
  • Version: 6.x
  • Date: 2011-February-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2011-006 - Flag Page - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-006
  • Project: Flag page (third-party module)
  • Version: 6.x
  • Date: 2011-February-02
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2011-005 - AES encryption - Information disclosure

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-005
  • Project: AES (third-party module)
  • Version: 7.x
  • Date: 2011-February-02
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
Categories: Drupal 7.x

SA-CONTRIB-2011-004 - Multiple Vulnerabilities In Multiple Contributed Modules

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-004
  • Projects: Multiple third party modules - OG Forum, Open Legislation, PowerSQL
  • Version: 6.x
  • Date: 2011-February-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple (Information disclosure, Cross Site Scripting, Cross Site Request Forgery, SQL injection)
Categories: Drupal 6.x

SA-CONTRIB-2011-003 - Janrain Engage (RPX) - Multiple Vulnerabilities

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-003
  • Project: Janrain Engage (formerly RPX) (third-party module)
  • Version: 6.x
  • Date: 2011-January-19
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting or Arbitrary Code Execution
Categories: Drupal 6.x

SA-CONTRIB-2011-002 - Panels - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-002
  • Project: Panels (third-party module)
  • Version: 6.x
  • Date: 2011-January-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2011-001 - Webform - SQL Injection

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2011-001
  • Project: Webform (third-party module)
  • Version: 6.x
  • Date: 2011-January-10
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection
Categories: Drupal 6.x

Pages

Subscribe with RSS Subscribe to Security advisories