Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-2008-015 - Comment Upload - Arbitrary file upload

By heine on
  • Advisory ID: DRUPAL-SA-2008-015
  • Project: Comment upload (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2008-January-30
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary file upload

SA-2008-014 - Userpoints - Cross site request forgery

By heine on
  • Advisory ID: DRUPAL-SA-2008-014
  • Project: Userpoints (third-party module)
  • Version: 4.7.x, 5.x-2.x, 5.x-3.x
  • Date: 2008-January-30
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

SA-2008-013 - Project issue tracking - Arbitrary file upload

By dww on
  • Advisory ID: DRUPAL-SA-2008-013
  • Project: Project issue tracking (third-party module)
  • Version: 4.7.x-1.x, 4.7.x-2.x, 5.x-1.x, 5.x-2.x
  • Date: 2008-January-30
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary file upload

SA-2008-012 - Project issue tracking - XSS vulnerability in comment summary tables

By heine on
  • Advisory ID: DRUPAL-SA-2008-012
  • Project: Project issue tracking (third-party module)
  • Version: 4.7.x-1.x, 4.7.x-2.x, 5.x-1.x, 5.x-2.x
  • Date: 2008-January-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

SA-2008-011 - Securesite - Access bypass

By heine on
  • Advisory ID: DRUPAL-SA-2008-011
  • Project: Secure Site (third-party module)
  • Version: 5.x-1.0, 4.7.x-1.0
  • Date: 2008-January-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2008-10 - Archive - Cross site scripting

By heine on
  • Advisory ID: DRUPAL-SA-2008-010
  • Project: Archive (third-party module)
  • Version: 5.x
  • Date: 2008-January-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-009 - Workflow - Cross site scripting

By heine on
  • Advisory ID: DRUPAL-SA-2008-009
  • Project: Workflow (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2008-January-23
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-008 - Meta tags - Arbitrary code execution

By heine on
  • Advisory ID: DRUPAL-SA-2008-008
  • Project: Meta tags / Nodewords (third-party module)
  • Version: 5.x-1.6
  • Date: 2008-January-14
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

SA-2008-007 - Drupal core - Cross site scripting (register_globals)

By heine on
  • Advisory ID: DRUPAL-SA-2008-007
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting when register_globals is enabled.
Categories: Drupal 4.7.x, Drupal 5.x

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

By heine on
  • Advisory ID: DRUPAL-SA-2008-006
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting
Categories: Drupal 4.7.x, Drupal 5.x

Pages

Subscribe with RSS Subscribe to Security advisories