Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2009-004 - Notify - Privilege escalation

By heine on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-004
  • Project: Notify
  • Versions: 5.x
  • Date: 2009-January-15
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Privilege escalation

SA-CORE-2009-001 Drupal core - Multiple vulnerabilities

By gábor hojtsy on
  • Advisory ID: DRUPAL-SA-CORE-2009-001
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2009-January-14
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities
Categories: Drupal 5.x, Drupal 6.x

SA-CONTRIB-2009-003 - Internationalizaion (i18n) Translation module - Access bypass

By pwolanin on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-003
  • Project: Internationalization (i18n) (third-party module)
  • Version: 5.x-2.x
  • Date: 2009-January-14
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CONTRIB-2009-002 - Project issue tracking - Multiple vulnerabilities

By dww on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-002
  • Project: Project issue tracking (third-party module)
  • Version: 5.x-2.x
  • Date: 2009-January-07
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Node access bypass, Cross-site scripting (XSS)

SA-CONTRIB-2009-001 - Project release - Multiple vulnerabilities

By dww on
  • Advisory ID: DRUPAL-SA-CONTRIB-2009-001
  • Project: Project release (third-party module)
  • Version: 5.x
  • Date: 2009-January-07
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerabilities: Arbitrary file upload, Cross-site scripting (XSS)

SA-2008-075 - Views - SQL Injection

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-2008-075
  • Project: Views
  • Versions: 6.x
  • Date: 2008-December-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection

SA-2008-074 - Services - Insecure signing

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-2008-074
  • Project: Services (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-December-17
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Repeat attacks and impersonation

SA-2008-073 - Drupal core - Multiple vulnerabilities

By gábor hojtsy on
  • Advisory ID: DRUPAL-SA-2008-073
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2008-December-10
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities
Categories: Drupal 5.x, Drupal 6.x

SA-2008-072 - Storm Project - SQL injection

By killes@www.drop.org on
  • Advisory ID: DRUPAL-SA-2008-072
  • Project: Storm Project
  • Versions: 5.x and 6.x
  • Date: 2008-December-03
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection

SA-2008-071 - User Karma - Multiple vulnerabilities

By scor on
  • Advisory ID: DRUPAL-SA-2008-071
  • Project: User Karma
  • Versions: 5.x and 6.x
  • Date: 2008-November-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection, Cross-site scripting (XSS)

Pages

Subscribe with RSS Subscribe to Security advisories