Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2011-004 - Multiple Vulnerabilities In Multiple Contributed Modules

By Drupal Security Team on 2 Feb 2011 at 18:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-004
Projects: Multiple third party modules - OG Forum, Open Legislation, PowerSQL
Version: 6.x
Date: 2011-February-02
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple (Information disclosure, Cross Site Scripting, Cross Site Request Forgery, SQL injection)

SA-CONTRIB-2011-003 - Janrain Engage (RPX) - Multiple Vulnerabilities

By Drupal Security Team on 19 Jan 2011 at 22:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-003
Project: Janrain Engage (formerly RPX) (third-party module)
Version: 6.x
Date: 2011-January-19
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting or Arbitrary Code Execution

SA-CONTRIB-2011-002 - Panels - Cross Site Scripting (XSS)

By Drupal Security Team on 13 Jan 2011 at 01:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-002
Project: Panels (third-party module)
Version: 6.x
Date: 2011-January-12
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-001 - Webform - SQL Injection

By Drupal Security Team on 10 Jan 2011 at 10:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-001
Project: Webform (third-party module)
Version: 6.x
Date: 2011-January-10
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: SQL Injection

SA-CONTRIB-2010-113 - Image - Cross Site Scripting

By Drupal Security Team on 22 Dec 2010 at 21:25 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-113
Project: Image (third-party module)
Version: 5.x, 6.x
Date: 2010-December-22
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-112 - oEmbed - Access Bypass

By Drupal Security Team on 22 Dec 2010 at 21:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-112
Project: oEmbed (third-party module)
Version: 6.x
Date: 2010-December-22
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Access Bypass

SA-CONTRIB-2010-111 - Views - Cross Site Scripting

By Drupal Security Team on 15 Dec 2010 at 20:46 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-111
Project: Views (third-party module)
Version: 6.x
Date: 2010-December-15
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2010-110 - Drupal For Firebug - Cross-site Request Forgery

By Drupal Security Team on 15 Dec 2010 at 19:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-110
Project: Drupal For Firebug (third-party module)
Version: 5.x, 6.x
Date: 2010-Dec-15
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross-site Request Forgery

SA-CONTRIB-2010-109 - Embedded Media Field, Media: Video Flotsam, Media: Audio Flotsam - Multiple Vulnerabilities

By Drupal Security Team on 8 Dec 2010 at 22:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-109
Projects: Embedded Media Field, Media: Video Flotsam, Media: Audio Flotsam (third-party module)
Version: 5.x and 6.x
Date: 2010-December-08
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2010-108 - Who Bought What|Ubercart - Multiple Vulnerabilities

By Drupal Security Team on 8 Dec 2010 at 21:25 UTC

DRUPAL-SA-CONTRIB-2010-108
Project: Who Bought What|Ubercart (third-party module)
Version: 6.x
Date: 2010-Dec-08
Security risk: Highly Critical
Exploitable from: Remote
Vulnerability: Multiple Vulnerabilities

Pages

Subscribe with RSS