Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2011-022 - Cosign - SQL Injection

By Drupal Security Team on 8 Jun 2011 at 17:17 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-022
Project: cosign (third-party module)
Version: 6.x
Date: 2011-June-08
Security risk: Less critical
Exploitable from: Remote
Vulnerability: SQL Injection

SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities

By Drupal Security Team on 25 May 2011 at 18:07 UTC

Advisory ID: DRUPAL-SA-CORE-2011-001
Project: Drupal core
Version: 6.x, 7.x
Date: 2011-May-25
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass, Cross Site Scripting

SA-CONTRIB-2011-021 - Webform - Multiple Vulnerabilities

By Drupal Security Team on 18 May 2011 at 23:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-021
Project: Webform (third-party module)
Version: 6.x, 7.x
Date: 2011-May-18
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Multiple vulnerabilities

SA-CONTRIB-2011-020 - Taxonomy Access Control Lite (tac_lite) - Cross Site Scripting

By Drupal Security Team on 11 May 2011 at 21:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-020
Project: Taxonomy Access Control Lite (third-party module)
Version: 6.x
Date: 2011-May-11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-019 - Menu Access - Cross Site Scripting

By Drupal Security Team on 4 May 2011 at 19:28 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-019
Project: Menu Access (third-party module)
Version: 6.x
Date: 2011-MAY-04
Security risk: Moderately critical (definition of risk levels)
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-018 - Node Reference URL Widget - Cross Site Scripting

By Drupal Security Team on 27 Apr 2011 at 19:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-018
Project: Node Reference URL Widget (third-party module)
Version: 6.x, 7.x
Date: 2011-April-27
Security risk: Moderately critical (definition of risk levels)
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-017 - Save Draft - Validation Bypass

By Drupal Security Team on 27 Apr 2011 at 16:05 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-017
Project: Save Draft (third-party module)
Version: 6.x, 7.x
Date: 2011-April-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Validation bypass

SA-CONTRIB-2011-016 - Node Quick Find - Information Disclosure

By Drupal Security Team on 6 Apr 2011 at 16:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-016
Project: Node Quick Find (third-party module)
Version: 6.x
Date: 2011-APRIL-06
Security risk: Not critical (definition of risk levels)
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2011-015 - Translation Management - Multiple Vulnerabilities

By greggles on 30 Mar 2011 at 20:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-015
Project: Translation Management (third-party module)
Version: 6.x
Date: 2011-March-30
Security risk: Critical (definition of risk levels)
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgeries, SQL Injection

SA-CONTRIB-2011-014 - Webform Block - Cross Site Scripting

By mr.baileys on 23 Mar 2011 at 18:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-014
Project: Webform Block (third-party module)
Version: 6.x
Date: 2011-March-23
Security risk: Moderately critical (definition of risk levels)
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS