Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 17 Oct 2012 at 18:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-156
Project: Search API (third-party module)
Version: 7.x
Date: 2012-October-17
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2012-155 - ShareThis - Cross Site Scripting (XSS)

By Drupal Security Team on 10 Oct 2012 at 17:03 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-155
Project: ShareThis (third-party module)
Version: 7.x
Date: 2012-October-10
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-154 - Basic webmail - Multiple vulnerabilities

By Drupal Security Team on 10 Oct 2012 at 17:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-154
Project: Basic webmail (third-party module)
Version: 6.x
Date: 2012-October-10
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Information Disclosure, Multiple vulnerabilities

SA-CONTRIB-2012-153 - Mandrill - Information Disclosure

By Drupal Security Team on 10 Oct 2012 at 16:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-153
Project: Mandrill (third-party module)
Version: 7.x
Date: 2012-October-10
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2012-152 - Feeds - Access bypass

By Drupal Security Team on 10 Oct 2012 at 16:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-152
Project: Feeds (third-party module)
Version: 7.x
Date: 2012-October-10
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-151 - Commerce Extra Panes - Cross Site Request Forgery

By Drupal Security Team on 3 Oct 2012 at 15:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-151
Project: Commerce extra panes (third-party module)
Version: 7.x
Date: 2012-October-3
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2012-150 - Twitter Pull - Cross Site Scripting (XSS)

By Drupal Security Team on 3 Oct 2012 at 15:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-150
Project: Twitter Pull (third-party module)
Version: 6.x, 7.x
Date: 2012-October-03
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-149 - Hostip - Cross Site Scripting (XSS)

By Drupal Security Team on 3 Oct 2012 at 15:10 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-149
Project: Hostip (third-party module)
Version: 6.x, 7.x
Date: 2012-October-03
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-148 - OG - Access Bypass

By Drupal Security Team on 26 Sep 2012 at 20:46 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-148
Project: Organic groups (third-party module)
Version: 7.x
Date: 2012-September-26
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-147 - FileField Sources - Cross Site Scripting (XSS)

By Drupal Security Team on 19 Sep 2012 at 17:12 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-147
Project: FileField Sources (third-party module)
Version: 6.x, 7.x
Date: 2012-September-19
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS