Show advisories for only Drupal Core, only contributed projects, or only PSAs

Chatroom - Security bypass

By heine on
  • Advisory ID: DRUPAL-SA-2006-030.
  • Project: Chatroom (third-party module).
  • Date: 2006-Dec-11.
  • Security risk: Highly critical.
  • Exploitable from: Remote.
  • Vulnerability: Security bypass.

Help Tip - Multiple vulnerabilities

By heine on
  • Advisory ID: DRUPAL-SA-2006-029.
  • Project: Help Tip (third-party module).
  • Date: 2006-Dec-11.
  • Security risk: highly critical.
  • Exploitable from: remote.
  • Vulnerability: SQL Injection, Cross site scripting.

CVS management/tracker XSS

By heine on
  • Advisory ID: DRUPAL-SA-2006-028.
  • Project: CVS management/tracker (third party module).
  • Date: 2006-Dec-05.
  • Security risk: less critical.
  • Exploitable from: remote.
  • Vulnerability: Cross site scripting.

Extended Tracker - SQL Injection

By heine on
  • Advisory ID: DRUPAL-SA-2006-027
  • Project: Extended Tracker (xtracker) 4.7
  • Date: 2006-Oct-26
  • Security risk: highly critical
  • Exploitable from: remote
  • Vulnerability: SQL injection

DRUPAL-SA-2006-026 - Drupal core - Form action attribute injection

By heine on
  • Advisory ID: DRUPAL-SA-2006-026
  • Project: Drupal core
  • Date: 2006-Oct-18
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: HTML attribute injection
Categories: Drupal 4.6.x, Drupal 4.7.x

DRUPAL-SA-2006-025 - Drupal core - Cross site request forgeries

By heine on
  • Advisory ID: DRUPAL-SA-2006-025
  • Project: Drupal core
  • Date: 2006-Oct-18
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgeries
Categories: Drupal 4.6.x, Drupal 4.7.x

DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities

By heine on
  • Advisory ID: DRUPAL-SA-2006-024
  • Project: Drupal core
  • Date: 2006-Oct-18
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting
Categories: Drupal 4.6.x, Drupal 4.7.x

IMCE file handling vulnerabilities

By heine on
  • Advisory ID: DRUPAL-SA-2006-023
  • Project: IMCE
  • Date: 2006-October-02
  • Security risk: highly critical
  • Exploitable from: remote
  • Vulnerability: file handling

Search Keywords cross site scripting vulnerability

By heine on
  • Advisory ID: DRUPAL-SA-2006-022
  • Project: Search Keywords
  • Date: 2006-Sep-20
  • Security risk: moderately critical
  • Exploitable from: remote
  • Vulnerability: cross site scripting

Site Profile Directory cross site scripting vulnerability

By heine on
  • Advisory ID: DRUPAL-SA-2006-021
  • Project: Site Profile Directory
  • Date: 2006-Sep-20
  • Security risk: less critical
  • Exploitable from: remote
  • Vulnerability: cross site scripting

Pages

Subscribe with RSS Subscribe to Security advisories