Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-096 - Authoring HTML - Cross Site Scripting (XSS)

By Drupal Security Team on 6 Jun 2012 at 19:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-096
Project: Authoring HTML (third-party module)
Version: 6.x
Date: 2012-June-06
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-095 - Simplenews - Information Disclosure

By Drupal Security Team on 6 Jun 2012 at 19:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-095
Project: Simplenews (third-party module)
Version: 6.x, 7.x
Date: 2012-June-06
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2012-094 - Maestro module - Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)

By Drupal Security Team on 6 Jun 2012 at 19:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-094
Project: Maestro (third-party module)
Version: 7.x
Date: 2012-June-06
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2012-093 - Node Embed - Access Bypass

By Drupal Security Team on 6 Jun 2012 at 19:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-093
Project: Node Embed (third-party module)
Version: 6.x, 7.x
Date: 2012-June-06
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-092 - Organic Groups - Cross Site Scripting (XSS) and Access Bypass

By Drupal Security Team on 6 Jun 2012 at 19:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-092
Project: Organic groups (third-party module)
Version: 6.x
Date: 2012-June-06
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Access bypass

SA-CONTRIB-2012-091 - Token Authentication - Access bypass

By Drupal Security Team on 6 Jun 2012 at 19:22 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-091
Project: Tokenauth (third-party module)
Version: 6.x
Date: 2012-June-06
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-090 - File depot - Session Management Vulnerability

By Drupal Security Team on 30 May 2012 at 18:59 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-090
Project: filedepot (third-party module)
Version: 6.x
Date: 2012-May-30
Security risk: Critical
Exploitable from: remote
Vulnerability: Access bypass

SA-CONTRIB-2012-089 - Counter - SQL Injection (unsupported)

By Drupal Security Team on 30 May 2012 at 18:37 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-089
Project: Counter (third-party module)
Version: 6.x
Date: 2012-May-30
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: SQL Injection

SA-CONTRIB-2012-088 - Mobile Tools - Cross Site Scripting (XSS)

By Drupal Security Team on 30 May 2012 at 18:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-088
Project: Mobile Tools (third-party module)
Version: 6.x
Date: 2012-May-30
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-087 - Comment Moderation - Cross Site Request Forgery

By Drupal Security Team on 30 May 2012 at 18:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-087
Project: Comment Moderation (third-party module)
Version: 6.x
Date: 2012-May-30
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

Pages

Subscribe with RSS