Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-136 - Apache Solr Search Autocomplete - Cross Site Scripting (XSS)

By Drupal Security Team on 29 Aug 2012 at 21:12 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-136
Project: Apache Solr Autocomplete (third-party module)
Version: 6.x, 7.x
Date: 2012-August-29
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention

By Drupal Security Team on 29 Aug 2012 at 18:23 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-135
Project: CAPTCHA (third-party module)
Version: 6.x
Date: 2012-August-29
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-134 - Views - Privilege Escalation

By Drupal Security Team on 29 Aug 2012 at 18:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-134
Project: Views (third-party module)
Version: 6.x
Date: 2012-August-29
Security risk: Critical
Exploitable from: Remote
Vulnerability: Privilege escalation

SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution

By Drupal Security Team on 29 Aug 2012 at 18:10 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-133
Project: Taxonomy Image (third-party module)
Version: 6.x
Date: 2012-August-29
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Arbitrary PHP code execution

SA-CONTRIB-2012-132 - Announcements - Access Bypass

By Drupal Security Team on 29 Aug 2012 at 18:05 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-132
Project: Announcements (third-party module)
Version: 6.x
Date: 2012-August-29
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-131 - Email Field - Access Bypass

By Drupal Security Team on 29 Aug 2012 at 18:02 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-131
Project: Email Field (third-party module)
Version: 6.x, 7.x
Date: 2012-August-29
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-130 - Jstool - Multiple Vulnerabilities

By Drupal Security Team on 29 Aug 2012 at 15:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-130
Project: Javascript Tool (third-party module)
Version: 7.x
Date: 2012-August-29
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2012-129 - Activism - Access Bypass

By Drupal Security Team on 29 Aug 2012 at 14:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-129
Project: Activism (third-party module)
Version: 6.x
Date: 2012-08-29
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access Bypass

SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS)

By Drupal Security Team on 15 Aug 2012 at 17:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-128
Project: Elegant Theme (third-party module)
Version: 7.x
Date: 2012-August-15
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-127 - Custom Publishing Options - Cross Site Scripting (XSS) Vulnerability

By Drupal Security Team on 15 Aug 2012 at 16:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-127
Project: Custom Publishing Options (third-party module)
Version: 6.x
Date: 2012-August-15
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS