Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2009-071 - Organic Groups Vocabulary Access Bypass

By greggles on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-071
  • Project: OG Vocabulary (third party module)
  • Version: 6.x
  • Date: 2009-October-14
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2009-070 - Shibboleth authentication - Impersonation, privilege escalation

By coltrane on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-070
  • Project: Shibboleth authentication (third-party module)
  • Version: 6.x, 5.x
  • Date: 2009-October-14
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Impersonation, privilege escalation
Categories: Drupal 6.x

SA-CONTRIB-2009-068 - Boost - Filesystem Directory Creation

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-068
  • Project: Boost (third-party module)
  • Version: 6.x-1.*
  • Date: 2009-09-30
  • Security risk: Low
  • Exploitable from: Remote
  • Vulnerability: Filesystem Directory Creation
Categories: Drupal 6.x

SA-CONTRIB-2009-069 - Shared Sign On - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-069
  • Project: Shared Sign On (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009 September 30
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2009-067 Dex module - Cross Site Scripting, no longer maintained

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-067
  • Project: Dex: Contact Information Manager (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-Sept-30
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-066 - Organic Groups - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-066
  • Project: Organic Groups (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-September-30
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-065 - Browscap - Cross Site Scripting

By greggles on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-065
  • Project: Browscap (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-September-30
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-064 - Bibliography module - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-064
  • Project: Bibliography module (third-party module)
  • Version: 6.x
  • Date: 2009-September-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2009-063 - XML sitemap - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-063
  • Project: XML sitemap (third-party module)
  • Version: 5.x
  • Date: 2009-September-30
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 5.x

SA-CONTRIB-2009-062 - Devel - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-062
  • Project: Devel (third-party module)
  • Version: 5.x, 6.x
  • Date: 2009-September-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 5.x, Drupal 6.x

Pages

Subscribe with RSS Subscribe to Security advisories