PHP exploit using Drupal circulating - PSA-2007-001

  • Date: 2007-October-17
  • Project: PHP
  • Version: PHP 4 < 4.4.3, PHP 5 < 5.1.4
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: unset() hash / index collision exploit using Drupal (CVE-2006-3017)

Description

SA-2007-022 - Boost - file overwrite

  • Advisory ID: DRUPAL-SA-2007-022
  • Project: Boost (third-party module)
  • Version: 4.7.x-1.*, 5.x-0.*
  • Date: 2007-10-03
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Filesystem overwrite

SA-2007-021: Project issue tracking - XSS vulnerabilities in subscription forms.

  • Advisory ID: DRUPAL-SA-2007-021
  • Project: Project issue tracking (third-party module)
  • Version: 4.7.x-1.x, 4.7.x-2.x, 5.x-1.x
  • Date: 2007-Sep-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

Project and Project issue tracking - Access bypass

  • Advisory ID: DRUPAL-SA-2007-020
  • Project: Project and Project issue tracking (third-party modules)
  • Version: 4.7.x-1.*, 4.7.x-2.*, 5.x-0.*
  • Date: 2007-Aug-20
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Content Construction Kit - Cross site scripting

  • Advisory ID: DRUPAL-SA-2007-019
  • Project: Content Construction Kit (CCK) (third-party module)
  • Version: 4.7.x-1.x, 5.x-1.x
  • Date: 2007-August-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

Drupal core - Multiple cross site scripting vulnerabilities

  • Advisory ID: DRUPAL-SA-2007-018
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-July-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site scripting vulnerabilities

Drupal core - Cross site request forgeries

  • Advisory ID: DRUPAL-SA-2007-017
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-July-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site request forgeries

LoginToboggan - Cross site scripting

  • Advisory ID: DRUPAL-SA-2007-016
  • Project: LoginToboggan (third-party module)
  • Version: 4.7.x-1.0, 4.7.x-1.x-dev, 5.x-1.x-dev
  • Date: 2007-07-12
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

Forward - Access bypass

  • Advisory ID: DRUPAL-SA-2007-015
  • Project: Forward (third-party module)
  • Version: 5.x and 4.7.x
  • Date: 2007-July-09
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Print - Access bypass

  • Advisory ID: DRUPAL-SA-2007-014
  • Project: Print (third-party module)
  • Version: 5.x and 4.7.x
  • Date: 2007-July-09
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
