Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-116 - Subuser - Cross Site Request Forgery (CSRF) and Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-116
  • Project: Subuser (third-party module)
  • Version: 6.x
  • Date: 2012-July-25
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Cross Site Request Forgery
Categories: Drupal 6.x

SA-CONTRIB-2012-115 - Gallery formatter - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-115
  • Project: Gallery formatter (third-party module)
  • Version: 7.x
  • Date: 2012-July-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2012-114 - Campaign Monitor - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: SA-CONTRIB-2012-114
  • Project: Campaign Monitor (third-party module)
  • Version: 6.x
  • Date: 2012-July-18
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass

By Drupal Security Team on
  • Advisory ID: SA-CONTRIB-2012-113
  • Project: Drupal Commons (third-party module)
  • Version: 6.x
  • Date: 2012-July-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2012-112 - Ubercart SecureTrading - Failure to follow guideline/specification

By Drupal Security Team on
  • Advisory ID: SA-CONTRIB-2012-112
  • Project: Ubercart SecureTrading Payment Method (third-party module)
  • Version: 6.x
  • Date: 2012-July-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Failure to follow guideline/specification - integrity check value
Categories: Drupal 6.x

SA-CONTRIB-2012-111 - Security Questions - Access Bypass

By Drupal Security Team on
  • Advisory ID: SA-CONTRIB-2012-111
  • Project: Security Questions (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-July-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: SA-CONTRIB-2012-110
  • Project: Colorbox Node (third-party module)
  • Version: 7.x
  • Date: 2012-July-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CONTRIB-2012-109 - Restrict node page view - Access bypass

By Drupal Security Team on
Categories: Drupal 7.x

SA-CONTRIB-2012-108 - Drag & Drop Gallery - Arbitrary PHP code execution

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-108
  • Project: Drag & Drop Gallery (third-party module)
  • Version: 6.x
  • Date: 2012-July-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Access bypass, Cross Site Request Forgery, SQL Injection, Arbitrary PHP code execution

SA-CONTRIB-2012-107 - Search autocomplete - Access bypass

By Drupal Security Team on
  • Advisory ID: SA-CONTRIB-2012-107
  • Project: Search Autocomplete (third-party module)
  • Version: 7.x
  • Date: 2012-July-11
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

Pages

Subscribe with RSS Subscribe to Security advisories