Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

By Drupal Security Team on 19 Dec 2012 at 18:46 UTC

Advisory ID: DRUPAL-SA-CORE-2012-004
Project: Drupal core
Version: 6.x, 7.x
Date: 2012-December-19
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass, Arbitrary PHP code execution

SA-CONTRIB-2012-174 - Context - Information Disclosure

By Drupal Security Team on 19 Dec 2012 at 18:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-174
Project: Context (third-party module)
Version: 6.x, 7.x
Date: 2012-12-19
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2012-173 - Nodewords: Information disclosure

By Drupal Security Team on 5 Dec 2012 at 17:05 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-173
Project: Nodewords: D6 Meta Tags (third-party module)
Version: 6.x
Date: 2012-December-05
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2012-172 - Zero Point - Cross Site Scripting (XSS)

By Drupal Security Team on 28 Nov 2012 at 22:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-172
Project: Zero Point (third-party module)
Version: 6.x, 7.x
Date: 2012-November-28
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported)

By Drupal Security Team on 28 Nov 2012 at 20:34 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-171
Project: Webmail Plus (third-party module)
Version: 6.x
Date: 2012-November-28
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL Injection

SA-CONTRIB-2012-170 - MultiLink - Access Bypass

By Drupal Security Team on 28 Nov 2012 at 20:10 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-170
Project: Multi-Language Link and Redirect (MultiLink) (third-party module)
Version: 6.x, 7.x
Date: 2012-November-28
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-169 - Email Field - Cross Site Scripting and Access bypass

By Drupal Security Team on 28 Nov 2012 at 19:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-169
Project: Email Field (third-party module)
Version: 6.x
Date: 2012-11-28
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Access bypass

SA-CONTRIB-2012-168 - Services - Information Disclosure

By Drupal Security Team on 28 Nov 2012 at 19:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-168
Project: Services (third-party module)
Version: 6.x, 7.x
Date: 2012-11-28
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS)

By Drupal Security Team on 28 Nov 2012 at 19:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-167
Project: Mixpanel (third-party module)
Version: 6.x
Date: 2012-November-28
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-166 - Table of Contents - Access Bypass

By Drupal Security Team on 14 Nov 2012 at 21:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-166
Project: Table of Contents (third-party module)
Version: 6.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

Pages

Subscribe with RSS