Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-009 - Revisioning - Access bypass

By Drupal Security Team on 18 Jan 2012 at 17:13 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-009
Project: Revisioning (third-party module)
Version: 7.x
Date: 2012-January-18
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

Hash DOS attack prevention with Suhosin needs a .htaccess edit - PSA-2012-001

Date:

2012-January-11

Advisory ID: DRUPAL-PSA-2012-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2012-01-11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Denial of Service

SA-CONTRIB-2012-008 - Video Filter - Cross Site Scripting

By Drupal Security Team on 11 Jan 2012 at 20:28 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-008
Project: Video Filter (third-party module)
Version: 6.x, 7.x
Date: 2012-JANUARY-11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-007 - Password Policy - Multiple vulnerabilities

By Drupal Security Team on 11 Jan 2012 at 17:53 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-007
Project: Password policy (third-party module)
Version: 6.x
Date: 2012-January-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2012-006 XSS and CSRF in Multiple Modules - Supercron, Taxotouch, Admin:hover, Taxonomy Navigator no longer supported

By Drupal Security Team on 11 Jan 2012 at 17:19 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-006
Projects: SuperCron, Taxotouch, Taxonomy Navigator, Admin:hover (third-party modules)
Version: 6.x, 7.x
Date: 2012-January-11
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery

SA-CONTRIB-2012-005 - Vote up/down - Cross Site Scripting

By Drupal Security Team on 11 Jan 2012 at 16:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-005
Project: Vote Up/Down (third-party module)
Version: 6.x
Date: 2012-January-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-004 - Date - SQL injection

By Drupal Security Team on 11 Jan 2012 at 14:58 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-004
Project: Date (third-party module)
Version: 6.x
Date: 2012-January-11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: SQL Injection

SA-CONTRIB-2012-003 - Fill PDF - Multiple vulnerabilities

By Drupal Security Team on 4 Jan 2012 at 23:03 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-003
Project: Fill PDF (third-party module)
Version: 6.x, 7.x
Date: 2012-JANUARY-04
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass, Arbitrary code execution

SA-CONTRIB-2012-002 - Lingotek - Cross Site Scripting

By Drupal Security Team on 4 Jan 2012 at 20:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-002
Project: Lingotek Collaborative Translation (third-party module)
Version: 6.x
Date: 2012-January-04
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-001 - Registration Codes - Access bypass

By Drupal Security Team on 4 Jan 2012 at 19:34 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-001
Project: Registration Codes (third-party module)
Version: 6.x
Date: 2012-January-04
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass

Pages

Subscribe with RSS