Show advisories for only Drupal Core, only contributed projects, or only PSAs

Print - Access bypass

By AjK on
  • Advisory ID: DRUPAL-SA-2007-014
  • Project: Print (third-party module)
  • Version: 5.x and 4.7.x
  • Date: 2007-July-09
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Multiple vulnerabilities in Database Administration (dba) module

By dww on
  • Advisory ID: DRUPAL-SA-2007-013.
  • Project: Database Administration (third-party module).
  • Version: 4.6.x-1.*, 4.7.x-1.*.
  • Date: 2007-April-11.
  • Security risk: Critical.
  • Exploitable from: Remote.
  • Vulnerability: Cross site scripting and cross site request forgery.

Project issue tracking - Access bypass

By dww on
  • Advisory ID: DRUPAL-SA-2007-012.
  • Project: Project issue tracking (third-party module).
  • Version: 4.7.x-1.*, 4.7.x-2.*, 5.x-0.*.
  • Date: 2007-March-08.
  • Security risk: Critical.
  • Exploitable from: Remote.
  • Vulnerability: Access bypass.

Nodefamily - Access bypass

By heine on
  • Advisory ID: DRUPAL-SA-2007-011
  • Project: Node familty (third-party module)
  • Version: 5.x
  • Date: 2007-March-6
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Secure site - Access bypass

By heine on
  • Advisory ID: DRUPAL-SA-2007-010
  • Project: Secure site (third-party module)
  • Version: 4.7, 5
  • Date: 2007-Feb-16
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

getID3 library and Audio, Mediafield - arbitrary code execution

By heine on
  • Advisory ID: DRUPAL-SA-2007-009.
  • Project: getID3 (third-party library) used by Audio and Mediafield
  • Version: getID3 1.7.1
  • Date: 2007-Feb-16
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

Image pager - Cross site scripting

By heine on
  • Advisory ID: DRUPAL-SA-2007-008
  • Project: Image Pager (third-party module)
  • Version: 4.7.x-1.x-dev, 5.x-1.x-dev
  • Date: 2007-02-15
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

Textimage - response validation bypass

By heine on
  • Advisory ID: DRUPAL-SA-2007-007
  • Project: Textimage (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-31
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Captcha bypass

Captcha - response validation bypass

By heine on
  • Advisory ID: DRUPAL-SA-2007-006
  • Project: Captcha (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-30
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Captcha bypass

DRUPAL-SA-2007-005 - Drupal core - Arbitrary code execution

By heine on
  • Advisory ID: DRUPAL-SA-2007-005
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-29
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution
Categories: Drupal 4.7.x, Drupal 5.x

Pages

Subscribe with RSS Subscribe to Security advisories