Show advisories for only Drupal Core, only contributed projects, or only PSAs

DRUPAL-SA-2005-007 XSS vulnerability in submitted content

By dries on
  • Advisory ID: DRUPAL-SA-2005-007
  • Project: Drupal core
  • Date: 2005-11-30
  • Security risk: less critical
  • Impact: normal
  • Where: from remote
  • Vulnerability: XSS
Categories: Drupal 4.5.x or older, Drupal 4.6.x

Unintentionally logging credit card transactions

By chx on
  • Advisory ID: DRUPAL-SA-2005-006
  • Project: ecommerce
  • Date: 2005-Oct-30
  • Security risk: critical
  • Impact: authorize_net module, which is a part of the ecommerce package
  • Exploitable from: local
  • Vulnerability: System is unintentionally logging credit card transactions, including card numbers.

SQL injection and PHP code execution

By chx on
  • Advisory ID: DRUPAL-SA-2005-005
  • Project: flexinode
  • Date: 2005-Oct-03
  • Security risk: highly critical
  • Impact: flexinode module
  • Exploitable from: remote
  • Vulnerability: SQL injection and PHP execution by bypassing input format check

Pages

Subscribe with RSS Subscribe to Security advisories