SA-CONTRIB-2009-015 - Tokenauth - Access bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2009-015
  • Project: Token authentication (third-party module)
  • Version: 6.x
  • Date: 2009-March-25
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2009-014 - CCK Field Privacy - Access Bypass

  • Advisory ID: DRUPAL-SA-CONTRIB-2009-014
  • Project: CCK Field Privacy
  • Version: 6.x
  • Date: 2009-March-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2009-013 - CCK - Cross-site scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2009-013
  • Project: Content Construction Kit (third-party module)
  • Version: 6.x
  • Date: 2009-March-18
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

SA-CONTRIB-2009-012 - Printer, e-mail and PDF versions - Unrestricted e-mailing (spam)

  • Advisory ID: DRUPAL-SA-CONTRIB-2009-012
  • Project: Printer, e-mail and PDF versions (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2009-March-18
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Unrestricted e-mailing (spam)

SA-CONTRIB-2009-011 - Tasklist - SQL injection and Cross-site scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2009-011
  • Project: Tasklist (third-party module)
  • Version: 5.x
  • Date: 2009-March-18
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection and Cross-site scripting (XSS)

SA-CONTRIB-2009-010 - Plus 1 - Cross-site request forgery

  • Advisory ID: DRUPAL-SA-CONTRIB-2009-010
  • Project: Plus 1 (third-party module)
  • Version: 6.x
  • Date: 2009-March-18
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site request forgery (CSRF)

New pages and RSS feeds for security announcements

Separate Security Announcements by Type

To make the impact of different security advisories and announcements easier to see, they are now separated by type.

Drupal core security advisories: http://drupal.org/security
RSS feed for Drupal core: http://drupal.org/security/rss.xml

Contributed project security advisories: http://drupal.org/security/contrib
RSS feed for contributed projects: http://drupal.org/security/contrib/rss.xml

Public service announcements: http://drupal.org/security/psa
RSS feed for announcements: http://drupal.org/security/psa/rss.xml

We encourage those using RSS readers to track security-related developments to subscribe to all three of these feeds.

All posts to each of these three forums will still be sent to the single security announcements e-mail list. To subscribe to that e-mail list, log in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.

All future public service announcements will only be posted to the Public service announcements page and feed.

SA-CONTRIB-2009-009 - Forward module can be used as a spam relay

  • Advisory ID: DRUPAL-SA-CONTRIB-2009-009
  • Project: Forward
  • Versions: 5.x, 6.x
  • Date: 2009-March-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Unrestricted e-mailing (spam)

SA-CONTRIB-2009-008 - Taxonomy Theme - Cross-site scripting

  • Advisory ID: DRUPAL-SA-CONTRIB-2009-008
  • Project: Taxonomy Theme (third-party module)
  • Version: 5.x
  • Date: 2009-February-28
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

SA-CORE-2009-004 - Local file inclusion on Windows

  • Advisory ID: DRUPAL-SA-CORE-2009-004
  • Project: Drupal core
  • Version: 5.x
  • Date: 2009-February-25
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Local file inclusion on Windows
  • Reference: SA-CORE-2009-003 (6.x)
