Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2010-029: Keys - Cross-site Request Forgery

By Drupal Security Team on 17 Mar 2010 at 20:43 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-029
Project: Keys (third-party module)
Version: 6.x
Date: 2010-March-17
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Cross-site Request Forgery

SA-CONTRIB-2010-028 - Tag Order - Cross Site Scripting

By Drupal Security Team on 17 Mar 2010 at 20:42 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-028
Project: Tag Order (third-party module)
Version: 5.x, 6.x
Date: 2010-March-17
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-027: Email Input Filter - Arbitrary code execution

By Drupal Security Team on 17 Mar 2010 at 20:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-027
Project: Email Input Filter (third-party module)
Version: 5.x, 6.x
Date: 2010-March-17
Security risk: Critical
Exploitable from: Remote
Vulnerability: Arbitrary code execution

SA-CONTRIB-2010-026 - Monthly Archive by Node Type - Access Bypass

By Drupal Security Team on 10 Mar 2010 at 16:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-026
Project: Monthly Archive by Node Type (third-party module)
Version: 6.x (all branches)
Date: 2010-March-10
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Access Bypass

SA-CONTRIB-2010-025 - TinyMCE - Cross Site Scripting (XSS)

By greggles on 10 Mar 2010 at 14:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-025
Project: TinyMCE (third-party module)
Version: 5.x
Date: 2010-March-09
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities

By Drupal Security Team on 3 Mar 2010 at 19:31 UTC

Advisory ID: DRUPAL-SA-CORE-2010-001
Project: Drupal core
Version: 5.x, 6.x
Date: 2010-March-03
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross site scripting, Open redirect, Authorization vulnerability

SA-CONTRIB-2010-024 - eTracker - Cross Site Scripting

By Drupal Security Team on 3 Mar 2010 at 19:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-024
Project: eTracker (third-party module)
Version: 6.x-1.1
Date: 2010-March-03
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-023 - Workflow - Cross Site Scripting

By Drupal Security Team on 3 Mar 2010 at 18:37 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-023
Project: Workflow (third-party module)
Version: 6.x, 5.x
Date: 2010-March-03
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-022 - Internationalization - Arbitrary code execution

By Drupal Security Team on 3 Mar 2010 at 18:28 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-022
Project: Internationalization (third-party module)
Version: 6.x-1.x 5.x-2.x
Date: 2010-March-03
Security risk: Highly Critical
Exploitable from: Remote
Vulnerability: Arbitrary code execution

SA-CONTRIB-2010-021 - AddThis Button - Cross Site Scripting

By Drupal Security Team on 3 Mar 2010 at 17:36 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-021
Project: AddThis Button (third-party module)
Version: 6.x, 5.x
Date: 2010-March-03
Security risk: Less Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS