Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2010-058: Chaos tool suite - Multiple vulnerabilities

By Drupal Security Team on 20 May 2010 at 02:35 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-058
Project: Chaos tool suite (third-party module)
Versions: 6.x
Date: 2010 May 19
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2010-057 - Rotor Banner - Cross Site Scripting (XSS)

By Drupal Security Team on 20 May 2010 at 02:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-057
Project: Rotor Banner (third-party module)
Versions: 6.x-2.x, 5.x-1.x
Date: 2010-May-19
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-056 - User Queue - Cross Site Request Forgery

By Drupal Security Team on 19 May 2010 at 23:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-056
Project: User Queue (third-party module)
Versions: 6.x
Date: 2010-May-19
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Cross-site Request Forgery

SA-CONTRIB-2010-055 - Simplenews - Access bypass

By Drupal Security Team on 19 May 2010 at 22:34 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-055
Project: Simplenews (third-party module)
Version: 6.x
Date: 2010-May-19
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2010-054 - Storm - Cross Site Scripting (XSS)

By Drupal Security Team on 19 May 2010 at 22:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-054
Project: Storm (third-party module)
Version: 6.x
Date: 2010-May-19
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting (XSS)

SA-CONTRIB-2010-053 - External Link Page - Cross Site Scripting (XSS)

By Drupal Security Team on 19 May 2010 at 22:31 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-053
Project: External Link Page (third-party module)
Version: 5.x, 6.x
Date: 2010-May-19
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-052 - Multiple vulnerabilities in multiple contributed modules

By Drupal Security Team on 19 May 2010 at 21:45 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-052
Projects: Multiple third party modules - Privatemsg, Weather Underground, Tellafriend, Menu Block Split, osCommerce, Download Count, Comment Page, False Account Detector, User Queue
Version: 5.x, 6.x
Date: 2010-05-19
Security risks: Critical
Exploitable from: Remote
Vulnerability: Multiple (Cross-site Request Forgery, Cross-site scripting, Email header injection, SQL Injection)

SA-CONTRIB-2010-051 - Heartbeat - Cross Site Scripting

By Drupal Security Team on 19 May 2010 at 19:17 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-051
Project: Heartbeat (third-party module)
Version: 6.x
Date: 2010-May-19
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-050 - CAPTCHA - Cross Site Scripting

By Drupal Security Team on 19 May 2010 at 19:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-050
Project: CAPTCHA (third-party module)
Version: 5.x, 6.x
Date: 2010-May-19
Security risk: Not Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-049 - Wordpress Import - Access bypass

By Drupal Security Team on 19 May 2010 at 17:42 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-049
Project: Wordpress Import (third-party module)
Version: 6.x
Date: 2010-May-19
Security risk: Highly Critical
Exploitable from: Remote
Vulnerability: Access bypass

Pages

Subscribe with RSS