Show advisories for only Drupal Core, only contributed projects, or only PSAs

XSS vulnerability in webform module

By chx on
  • Advisory ID: DRUPAL-SA-2006-010
  • Project: webform
  • Date: 2006-Jul-09
  • Security risk: critical
  • Impact: webform
  • Exploitable from: remote
  • Vulnerability: multiple cross-site scripting

Form_mail module allows arbitrary header injection

By chx on
  • Advisory ID: DRUPAL-SA-2006-009
  • Project: form_mail
  • Date: 2006-Jul-4
  • Security risk: moderately critical
  • Impact: security bypass
  • Exploitable from: remote
  • Vulnerability: mail header injection attack

DRUPAL-SA-2006-008 XSS Vulnerability in taxonomy module

By webchick on
  • Advisory ID: DRUPAL-SA-2006-008
  • Project: Drupal core
  • Date: 2006-Jun-01
  • Security risk: less critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: cross-site scripting
Categories: Drupal 4.6.x, Drupal 4.7.x

SA-2006-007 - Drupal Core - Revision to DRUPAL-SA-2006-006

By webchick on
  • Advisory ID: DRUPAL-SA-2006-007
  • Project: Drupal core and potentially any web application that accepts uploads.
  • Date: 2006-Jun-01
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: Execution of arbitrary files
Categories: Drupal 4.6.x, Drupal 4.7.x

SA-2006-006 - Drupal Core - Execution of arbitrary files in certain Apache configurations

By webchick on
  • Advisory ID: DRUPAL-SA-2006-006
  • Project: Drupal core
  • Date: 2006-May-24
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: Execution of arbitrary files
Categories: Drupal 4.6.x, Drupal 4.7.x

DRUPAL-SA-2006-005 - Drupal core - SQL injection vulnerability

By chx on
  • Advisory ID: DRUPAL-SA-2006-005
  • Project: Drupal core
  • Date: 2006-May-18
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: SQL injection
Categories: Drupal 4.6.x, Drupal 4.7.x

XSS vulnerability in project module

By dries on
  • Project: project module (contributed module)
  • Security risk: less critical
  • Impact: project module
  • Where: from remote
  • Vulnerability: malicious HTML execution and XSS attacks

DRUPAL-SA-2006-004 Mail header injection vulnerability

By jvandyk on
  • Advisory ID: DRUPAL-SA-2006-004
  • Project: Drupal core
  • Date: 2006-03-13
  • Security risk: moderately critical
  • Impact: security bypass
  • Where: from remote
  • Vulnerability: mail header injection attack
Categories: Drupal 4.5.x or older, Drupal 4.6.x

DRUPAL-SA-2006-003 Session fixation vulnerability

By jvandyk on
  • Advisory ID: DRUPAL-SA-2006-003
  • Project: Drupal core
  • Date: 2006-03-13
  • Security risk: less critical
  • Impact: hijacking
  • Where: from remote
  • Vulnerability: session fixation attack
Categories: Drupal 4.5.x or older, Drupal 4.6.x

DRUPAL-SA-2006-002 XSS vulnerabilities

By jvandyk on
  • Advisory ID: DRUPAL-SA-2006-002
  • Project: Drupal core
  • Date: 2006-03-13
  • Security risk: less critical
  • Impact: cross-site scripting
  • Where: from remote
  • Vulnerability: cross-site scripting
Categories: Drupal 4.5.x or older, Drupal 4.6.x

Pages

Subscribe with RSS Subscribe to Security advisories