Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-076 - Ubercart Product Keys Access Bypass

By Drupal Security Team on 16 May 2012 at 15:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-076
Project: Ubercart Product Keys (third-party module)
Version: 6.x
Date: 2012-May-16
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-075 - Take Control - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 9 May 2012 at 16:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-075
Project: Take Control (third-party module)
Version: 6.x
Date: 2012-May-09
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2012-074 - Contact Forms - Access Bypass

By Drupal Security Team on 9 May 2012 at 16:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-074
Project: Contact Forms (third-party module)
Version: 7.x
Date: 2012-May-09
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)

By Drupal Security Team on 9 May 2012 at 16:24 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-073
Project: Glossary (third-party module)
Version: 6.x
Date: 2012-May-09
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-072 - cctags - Cross Site Scripting (XSS)

By Drupal Security Team on 2 May 2012 at 19:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-072
Project: cctags (third-party module)
Version: 6.x, 7.x
Date: 2012-May-02
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CORE-2012-002 - Drupal core multiple vulnerabilities

By Drupal Security Team on 2 May 2012 at 15:17 UTC

Advisory ID: DRUPAL-SA-CORE-2012-002
Project: Drupal core
Version: 7.x
Date: 2012-May-2
Security risk: Critical
Exploitable from: Remote
Vulnerability: Denial of Service, Access bypass, Unvalidated form redirect

SA-CONTRIB-2012-071 - Glossify - Cross Site Scripting (XSS) - Unsupported

By Drupal Security Team on 2 May 2012 at 14:34 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-071
Project: Glossify Internal Links Auto SEO (third-party module)
Version: 6.x
Date: 2012-May-02
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-070 - Taxonomy Grid : Catalog - Cross Site Scripting (XSS) - Unsupported

By Drupal Security Team on 2 May 2012 at 14:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-070
Project: Taxonomy Grid : Catalog (third-party module)
Version: 6.x
Date: 2012-May-02
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-069 - Addressbook - Multiple vulnerabilities - Unsupported

By Drupal Security Team on 2 May 2012 at 14:31 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-069
Project: Addressbook (third-party module)
Version: 6.x
Date: 2012-May-02
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery, SQL Injection

SA-CONTRIB-2012-068 - Node Gallery - Cross Site Request Forgery (CSRF) - Unsupported

By Drupal Security Team on 2 May 2012 at 14:09 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-068
Project: Node Gallery (third-party module)
Version: 6.x
Date: 2012-May-02
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

Pages

Subscribe with RSS