Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

Acidfree - SQL injection

By heine on 23 Jan 2007 at 21:03 UTC

Advisory ID: DRUPAL-SA-2007-003.
Project: Acidfree (third-party module).
Version: 4.6.x, 4.7.x
Date: 2007-Jan-23.
Security risk: Highly critical.
Exploitable from: Remote.
Vulnerability: SQL Injection.

Drupal core - Denial of service

By heine on 19 Dec 2006 at 15:53 UTC

Advisory ID: DRUPAL-SA-2007-002.
Project: Drupal Core.
Version: 4.6, 4.7
Date: 2007-Jan-05.
Security risk: Less critical.
Exploitable from: Remote.
Vulnerability: Denial of service.

Drupal core - Cross site scripting

By heine on 19 Dec 2006 at 15:43 UTC

Advisory ID: DRUPAL-SA-2007-001.
Project: Drupal Core.
Version: 4.6, 4.7.
Date: 2007-Jan-05.
Security risk: Less critical.
Exploitable from: Remote.
Vulnerability: Cross site scripting.

MySite - Cross site scripting

By heine on 18 Dec 2006 at 09:21 UTC

Advisory ID: DRUPAL-SA-2006-032.
Project: MySite (third-party module).
Version: 4.7.0, 4.7.x-3.2, 5.x-1.2.
Date: 2006-12-18.
Security risk: Less critical.
Exploitable from: Remote.
Vulnerability: Cross site scripting.

Project and Project issue tracking XSS

By dww on 18 Dec 2006 at 07:52 UTC

Advisory ID: DRUPAL-SA-2006-031.
Project: Project and Project issue tracking (third party modules).
Date: 2006-Dec-18.
Security risk: Less critical.
Exploitable from: Remote.
Vulnerability: Cross site scripting.

Chatroom - Security bypass

By heine on 11 Dec 2006 at 09:44 UTC

Advisory ID: DRUPAL-SA-2006-030.
Project: Chatroom (third-party module).
Date: 2006-Dec-11.
Security risk: Highly critical.
Exploitable from: Remote.
Vulnerability: Security bypass.

Help Tip - Multiple vulnerabilities

By heine on 11 Dec 2006 at 09:27 UTC

Advisory ID: DRUPAL-SA-2006-029.
Project: Help Tip (third-party module).
Date: 2006-Dec-11.
Security risk: highly critical.
Exploitable from: remote.
Vulnerability: SQL Injection, Cross site scripting.

CVS management/tracker XSS

By heine on 5 Dec 2006 at 20:48 UTC

Advisory ID: DRUPAL-SA-2006-028.
Project: CVS management/tracker (third party module).
Date: 2006-Dec-05.
Security risk: less critical.
Exploitable from: remote.
Vulnerability: Cross site scripting.

Extended Tracker - SQL Injection

By heine on 26 Oct 2006 at 07:30 UTC

Advisory ID: DRUPAL-SA-2006-027
Project: Extended Tracker (xtracker) 4.7
Date: 2006-Oct-26
Security risk: highly critical
Exploitable from: remote
Vulnerability: SQL injection

DRUPAL-SA-2006-026 - Drupal core - Form action attribute injection

By heine on 12 Oct 2006 at 11:55 UTC

Advisory ID: DRUPAL-SA-2006-026
Project: Drupal core
Date: 2006-Oct-18
Security risk: Less critical
Exploitable from: Remote
Vulnerability: HTML attribute injection

Pages

Subscribe with RSS