Show advisories for only Drupal Core, only contributed projects, or only PSAs

Direct download links available even during Drupal.org upgrade window - PSA-2013-002

Date: 
2013-October-30

This is a short addition to the security announcements released on October 30th.

Due to Drupal.org's scheduled downtime on October 31, not all links in those mails may be available when you need them.

If you encounter this situation, please use the following direct URLs to the archives containing the updates.

SA-CONTRIB-2013-086 - Monster Menus - Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-086
  • Project: Monster Menus (third-party module)
  • Version: 7.x
  • Date: 2013-October-30
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2013-085 - Feed Element Mapper - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-085
  • Project: Feed Element Mapper (third-party module)
  • Version: 6.x
  • Date: 2013-October-30
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2013-084 - FileField Sources - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-084
  • Project: FileField Sources (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-October-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2013-083 - Quiz - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-083
  • Project: Quiz (third-party module)
  • Version: 6.x
  • Date: 2013-October-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Information Disclosure, Multiple vulnerabilities
Categories: Drupal 6.x

SA-CONTRIB-2013-082 - Bean - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-082
  • Project: Bean (third-party module)
  • Version: 7.x
  • Date: 2013-10-23
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2013-081 - Spaces - Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-081
  • Project: Spaces (third-party module)
  • Version: 6.x
  • Date: 2013-10-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2013-080 - Simplenews - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-080
  • Project: Simplenews (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-Month-DD
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2013-079 - Context - Multiple Vulnerabilities

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-079
  • Project: Context (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-2013-16
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Arbitrary PHP code execution
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2013-078 - Quick Tabs - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-078
  • Project: Quick Tabs (third-party module)
  • Version: 6.x, 7.x
  • Date: 2013-October-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x, Drupal 7.x

Pages

Subscribe with RSS Subscribe to Security advisories