Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-2008-005 - Drupal core - Cross site request forgery

By heine on
  • Advisory ID: DRUPAL-SA-2008-005
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery
Categories: Drupal 4.7.x, Drupal 5.x

SA-2008-004 - Fileshare - Arbitrary code execution

By heine on
  • Advisory ID: DRUPAL-SA-2008-004
  • Project: Fileshare (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

SA-2008-003 - BUEditor - CSRF

By heine on
  • Advisory ID: DRUPAL-SA-2008-003
  • Project: BUEditor (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

SA-2008-002 - Atom - Access bypass

By heine on
  • Advisory ID: DRUPAL-SA-2008-002
  • Project: Atom (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2008-001 - Devel - Cross site scripting

By heine on
  • Advisory ID: DRUPAL-SA-2008-001
  • Project: Devel (third-party module)
  • Version: 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2007-033 - Feature - CSRF

By heine on
  • Advisory ID: DRUPAL-SA-2007-033
  • Project: Feature module (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-December-05
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

SA-2007-032 - Shoutbox - Cross site scripting

By heine on
  • Advisory ID: DRUPAL-SA-2007-032
  • Project: Shoutbox (third-party module)
  • Version: 5.x
  • Date: 2007-December-05
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

By heine on
  • Advisory ID: DRUPAL-SA-2007-031
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-December-05
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection
Categories: Drupal 4.7.x, Drupal 5.x

SA-2007-030 - Drupal Core - API handling of unpublished comment.

By heine on
  • Advisory ID: DRUPAL-SA-2007-030
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 4.7.x, Drupal 5.x

SA-2007-029 - Drupal core - User deletion cross site request forgery

By heine on
  • Advisory ID: DRUPAL-SA-2007-029
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery
Categories: Drupal 5.x

Pages

Subscribe with RSS Subscribe to Security advisories