Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-2008-070 - Comment Mail - Cross site request forgery

By scor on 26 Nov 2008 at 18:40 UTC

Advisory ID: DRUPAL-SA-2008-070
Project: Comment Mail
Versions: 5.x
Date: 2008-November-26
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site request forgery

SA-2008-069 - CCK for 5.x and 6.x - XSS vulnerabilities

By Damien Tournoud on 5 Nov 2008 at 18:51 UTC

Advisory ID: DRUPAL-SA-2008-069
Project: Content Construction Kit (third-party module)
Versions: 5.x, 6.x
Date: 2008-November-5
Security risk: Minor
Exploitable from: Remote
Vulnerability: Cross site scripting

SA-2008-068 - Localization client and Localization server - Cross site request forgery

By gábor hojtsy on 22 Oct 2008 at 20:34 UTC

Advisory ID: DRUPAL-SA-2008-068
Project: Localization client and Localization server (third-party modules)
Versions: 5.x, 6.x
Date: 2008-October-22
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site request forgery

SA-2008-067 - Drupal core - Multiple vulnerabilities

By gábor hojtsy on 22 Oct 2008 at 19:06 UTC

Advisory ID: DRUPAL-SA-2008-067
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-22
Security risk: Less Critical
Exploitable from: Local/Remote
Vulnerability: Multiple vulnerabilities

SA-2008-066 - Shindig-Integrator - Multiple vulnerabilities

By heine on 15 Oct 2008 at 19:02 UTC

Advisory ID: DRUPAL-SA-2008-066
Project: Shindig-Integrator (third-party module)
Versions: 5.x
Date: 2008-October-15
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-2008-065 - Node Clone - Access bypass

By pwolanin on 15 Oct 2008 at 18:27 UTC

Advisory ID: DRUPAL-SA-2008-065
Project: Node Clone (third-party module)
Version: 6.x, and 5.x.
Date: 2008-October-15
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-2008-064 - Node Vote - SQL injection vulnerability

By kbahey on 15 Oct 2008 at 16:46 UTC

Advisory ID: DRUPAL-SA-2008-064
Project: Node Vote (third-party module)
Versions: 5.x and 6.x
Date: 2008-October-15
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection

SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates

By pwolanin on 9 Oct 2008 at 19:41 UTC

Advisory ID: DRUPAL-SA-2008-063
Project: Several Third-Party Modules incorrectly updated for the Drupal 6 menu system
Version: 6.x
Date: 2008-October-8
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-2008-062 - SIOC - access bypass

By Amazon on 8 Oct 2008 at 21:47 UTC

Advisory ID: DRUPAL-SA-2008-062
Project: SIOC (third-party module)
Versions: 5.x and 6.x
Date: 2008-October-08
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-2008-061 - Everyblog - Multiple vulnerabilities

By Amazon on 8 Oct 2008 at 21:45 UTC

Advisory ID: DRUPAL-SA-2008-061
Project: EveryBlog (third-party module)
Versions: 5.x and 6.x
Date: 2008-October-08
Security risk: Highly critical
Exploitable from: Remote
Vulnerability:SQL injection, Cross-site scripting (XSS), Privilege escalation, access bypass

Pages

Subscribe with RSS