Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2013-048 - Edit Limit - Access Bypass

By Drupal Security Team on 29 May 2013 at 14:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-048
Project: Edit Limit (third-party module)
Version: 7.x
Date: 2013-May-29
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass

By Drupal Security Team on 15 May 2013 at 18:10 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-047
Project: Google Authenticator login (third-party module)
Version: 6.x, 7.x
Date: 2013-May-15
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-046 - Filebrowser - Reflected Cross Site Scripting (XSS)

By Drupal Security Team on 1 May 2013 at 15:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-046
Project: Filebrowser (third-party module)
Version: 6.x
Date: 2013-May-1
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-045 - Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) - Access bypass

By Drupal Security Team on 17 Apr 2013 at 16:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-045
Project: Autocomplete Widgets for Text and Number Fields (third-party module)
Version: 6.x, 7.x
Date: 2013-April-17
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 17 Apr 2013 at 16:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-044
Project: elFinder file manager (third-party module)
Version: 6.x, 7.x
Date: 2013-April-17
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2013-043 - MP3 Player - Cross Site Scripting (XSS)

By Drupal Security Team on 17 Apr 2013 at 14:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-043
Project: MP3 Player (third-party module)
Version: 6.x
Date: 2013-April-17
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-042 - RESTful Web Services (RESTWS) - Denial of Service

By Drupal Security Team on 10 Apr 2013 at 15:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-042
Project: RESTful Web Services (third-party module)
Version: 7.x
Date: 2013-April-10
Security risk: Critical
Exploitable from: Remote
Vulnerability: Denial of Service

SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass

By Drupal Security Team on 3 Apr 2013 at 18:04 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-041
Project: Chaos tool suite (ctools) (third-party module)
Version: 7.x
Date: 2013-April-03
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-040 - Commerce Skrill (Formerly Moneybookers) - Access bypass

By Drupal Security Team on 3 Apr 2013 at 17:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-040
Project: Commerce Skrill (Formerly Moneybookers) (third-party module)
Version: 7.x
Date: 2013-April-03
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-039 - Commons Wikis - Access bypass & Privilege escalation

By Drupal Security Team on 27 Mar 2013 at 20:34 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-039
Project: Commons Wikis (third-party module)
Version: 7.x
Date: 2013-March-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass, Multiple vulnerabilities

Pages

Subscribe with RSS