Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2009-076 - Flag Content Cross Site Scripting

By kbahey on 21 Oct 2009 at 18:28 UTC

Advisory ID: SA-CONTRIB-2009-076
Project: Flag Content (third-party module)
Version: 5.x
Date: 2009-October-21
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

DRUPAL-SA-CONTRIB-2009-077 - Userpoints - Information disclosure

By Drupal Security Team on 21 Oct 2009 at 17:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-077
Project: Userpoints (third party module)
Version: 6.x
Date: 2009-October-21
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Information disclosure

SA-CONTRIB-2009-074- Webform - Multiple vulnerabilities

By cwgordon7 on 15 Oct 2009 at 02:22 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-074
Project: Webform (third-party module)
Version: 5.x, 6.x
Date: 2009-October-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

DRUPAL-SA-CONTRIB-2009-073 - Printer, e-mail and PDF versions multiple vulnerabilities

By Drupal Security Team on 14 Oct 2009 at 23:05 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-073
Project: Printer, e-mail and PDF versions (third-party module)
Version: 5.x, 6.x
Date: 2009-October-14
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2009-072 - RealName - Cross Site Scripting

By drumm on 14 Oct 2009 at 22:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-072
Project: RealName (third-party module)
Version: 6.x
Date: 2009-October-14
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2009-071 - Organic Groups Vocabulary Access Bypass

By greggles on 14 Oct 2009 at 17:42 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-071
Project: OG Vocabulary (third party module)
Version: 6.x
Date: 2009-October-14
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2009-070 - Shibboleth authentication - Impersonation, privilege escalation

By coltrane on 14 Oct 2009 at 17:21 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-070
Project: Shibboleth authentication (third-party module)
Version: 6.x, 5.x
Date: 2009-October-14
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Impersonation, privilege escalation

SA-CONTRIB-2009-068 - Boost - Filesystem Directory Creation

By Drupal Security Team on 30 Sep 2009 at 20:50 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-068
Project: Boost (third-party module)
Version: 6.x-1.*
Date: 2009-09-30
Security risk: Low
Exploitable from: Remote
Vulnerability: Filesystem Directory Creation

SA-CONTRIB-2009-069 - Shared Sign On - Cross Site Scripting

By Drupal Security Team on 30 Sep 2009 at 20:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-069
Project: Shared Sign On (third-party module)
Version: 5.x, 6.x
Date: 2009 September 30
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2009-067 Dex module - Cross Site Scripting, no longer maintained

By Drupal Security Team on 30 Sep 2009 at 18:59 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-067
Project: Dex: Contact Information Manager (third-party module)
Version: 5.x, 6.x
Date: 2009-Sept-30
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS