These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-2008-047 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-2008-047
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2008-August-13
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-2008-046 - Drupal core - Session fixation

  • Advisory ID: DRUPAL-SA-2008-046
  • Project: Drupal core
  • Version: 5.x
  • Date: 2008-July-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Session fixation

SA-2008-044 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-2008-044
  • Project: Drupal core
  • Version: 5x, 6.x
  • Date: 2008-July-9
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-2008-026 - Drupal core - Access bypass

  • Advisory ID: DRUPAL-SA-2008-026
  • Project: Drupal core
  • Version: 6.x
  • Date: 2008-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2008-018 - Drupal core - Cross site scripting

  • Advisory ID: DRUPAL-SA-2008-018
  • Project: Drupal core
  • Version: 6.0
  • Date: 2008-February-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site scripting vulnerabilities

SA-2008-007 - Drupal core - Cross site scripting (register_globals)

  • Advisory ID: DRUPAL-SA-2008-007
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting when register_globals is enabled.

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

  • Advisory ID: DRUPAL-SA-2008-006
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-005 - Drupal core - Cross site request forgery

  • Advisory ID: DRUPAL-SA-2008-005
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

  • Advisory ID: DRUPAL-SA-2007-031
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-December-05
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection

SA-2007-030 - Drupal Core - API handling of unpublished comment.

  • Advisory ID: DRUPAL-SA-2007-030
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Pages

Subscribe with RSS Subscribe to Security advisories