Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2013-009 - Keyboard Shortcut Utility - Access Bypass - module unsupported

By Drupal Security Team on 23 Jan 2013 at 16:45 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-009
Project: Keyboard Shortcut Utility (third-party module)
Version: 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-008 - CurvyCorners - Cross Site Scripting (XSS) - module unsupported

By Drupal Security Team on 23 Jan 2013 at 16:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-008
Project: CurvyCorners (third-party module)
Version: 6.x, 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-007 User Relationships - Cross Site Scripting (XSS)

By Drupal Security Team on 23 Jan 2013 at 16:10 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-007
Project: User Relationships (third-party module)
Version: 6.x, 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-006 - Video - Arbitrary Code Execution

By Drupal Security Team on 23 Jan 2013 at 16:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-006
Project: Video (third-party module)
Version: 7.x
Date: 2013-January-23
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Arbitrary PHP code execution

SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

By Drupal Security Team on 16 Jan 2013 at 22:07 UTC

Advisory ID: DRUPAL-SA-CORE-2013-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2013-January-16
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Access bypass

SA-CONTRIB-2013-005 - Mark Complete Module - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 16 Jan 2013 at 20:22 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-005
Project: Mark Complete (third-party module)
Version: 7.x
Date: 2013-January-16
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2013-004 - Live CSS - Arbitrary Code Execution

By Drupal Security Team on 16 Jan 2013 at 16:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-004
Project: Live CSS (third-party module)
Version: 6.x, 7.x
Date: 2012-January-16
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Arbitrary PHP code execution

SA-CONTRIB-2013-003 - RESTful Web Services - Cross site request forgery (CSRF)

By Drupal Security Team on 16 Jan 2013 at 14:46 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-003
Project: RESTful Web Services (third-party module)
Version: 7.x
Date: 2013-January-16
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2013-002 - Payment - Access Bypass

By Drupal Security Team on 9 Jan 2013 at 16:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-002
Project: Payment (third-party module)
Version: 7.x
Date: 2013-January-09
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-001 - Search API - Cross Site Scripting

By Drupal Security Team on 9 Jan 2013 at 15:51 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-001
Project: Search API (third-party module)
Version: 7.x
Date: 2013-January-09
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS