Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Nov 2012 at 20:44 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-165
Project: Chaos tool suite (ctools) (third-party module)
Version: 6.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Nov 2012 at 19:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-164
Project: Smiley (third-party module)
Project: Smileys (third-party module)
Version: 6.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-163 - User Read-Only - Permission escalation

By Drupal Security Team on 14 Nov 2012 at 19:03 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-163
Project: User Read-Only (third-party module)
Version: 6.x, 7.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF)

By Drupal Security Team on 14 Nov 2012 at 16:55 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-162
Project: RESTful Web Services (third-party module)
Version: 7.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access Bypass

By Drupal Security Team on 7 Nov 2012 at 21:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-161
Project: Webform CiviCRM Integration (third-party module)
Version: 7.x
Date: 2012-November-07
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS)

By Drupal Security Team on 7 Nov 2012 at 21:04 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-160
Project: OM Maximenu (third-party module)
Version: 6.x, 7.x
Date: 2012-November-07
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-159 - Password policy - Information leakage of hashed passwords

By Drupal Security Team on 31 Oct 2012 at 18:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-159
Project: Password policy (third-party module)
Version: 6.x, 7.x
Date: 2012-October-31
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS)

By Drupal Security Team on 24 Oct 2012 at 18:19 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-158
Project: MailChimp (third-party module)
Version: 7.x
Date: 2012-October-24
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-157 - Time Spent - Multiple Vulnerabilities - (unsupported)

By Drupal Security Team on 24 Oct 2012 at 16:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-157
Project: Time Spent (third-party module)
Version: 6.x, 7.x
Date: 2012-October-24
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery, SQL Injection, Multiple vulnerabilities

SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

By Drupal Security Team on 17 Oct 2012 at 21:29 UTC

Advisory ID: DRUPAL-SA-CORE-2012-003
Project: Drupal core
Version: 7.x
Date: 2012-October-17
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Information Disclosure, Arbitrary PHP code execution

Pages

Subscribe with RSS