These posts by the Drupal security team are also sent to the security announcements e-mail list.

Drupal core - Cross site scripting

  • Advisory ID: DRUPAL-SA-2007-001.
  • Project: Drupal Core.
  • Version: 4.6, 4.7.
  • Date: 2007-Jan-05.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Cross site scripting.

DRUPAL-SA-2006-026 - Drupal core - Form action attribute injection

  • Advisory ID: DRUPAL-SA-2006-026
  • Project: Drupal core
  • Date: 2006-Oct-18
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: HTML attribute injection

DRUPAL-SA-2006-025 - Drupal core - Cross site request forgeries

  • Advisory ID: DRUPAL-SA-2006-025
  • Project: Drupal core
  • Date: 2006-Oct-18
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgeries

DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities

  • Advisory ID: DRUPAL-SA-2006-024
  • Project: Drupal core
  • Date: 2006-Oct-18
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

DRUPAL-SA-2006-011 XSS Vulnerability in user module

  • Advisory ID: DRUPAL-SA-2006-011
  • Project: Drupal core
  • Date: 2006-Aug-2
  • Security risk: less critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: cross-site scripting

DRUPAL-SA-2006-008 XSS Vulnerability in taxonomy module

  • Advisory ID: DRUPAL-SA-2006-008
  • Project: Drupal core
  • Date: 2006-Jun-01
  • Security risk: less critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: cross-site scripting

SA-2006-007 - Drupal Core - Revision to DRUPAL-SA-2006-006

  • Advisory ID: DRUPAL-SA-2006-007
  • Project: Drupal core and potentially any web application that accepts uploads.
  • Date: 2006-Jun-01
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: Execution of arbitrary files

SA-2006-006 - Drupal Core - Execution of arbitrary files in certain Apache configurations

  • Advisory ID: DRUPAL-SA-2006-006
  • Project: Drupal core
  • Date: 2006-May-24
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: Execution of arbitrary files

DRUPAL-SA-2006-005 - Drupal core - SQL injection vulnerability

  • Advisory ID: DRUPAL-SA-2006-005
  • Project: Drupal core
  • Date: 2006-May-18
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: SQL injection

DRUPAL-SA-2006-004 Mail header injection vulnerability

  • Advisory ID: DRUPAL-SA-2006-004
  • Project: Drupal core
  • Date: 2006-03-13
  • Security risk: moderately critical
  • Impact: security bypass
  • Where: from remote
  • Vulnerability: mail header injection attack
