Security advisories

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 17 Apr 2013 at 16:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-044
Project: elFinder file manager (third-party module)
Version: 6.x, 7.x
Date: 2013-April-17
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2013-043 - MP3 Player - Cross Site Scripting (XSS)

By Drupal Security Team on 17 Apr 2013 at 14:27 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-043
Project: MP3 Player (third-party module)
Version: 6.x
Date: 2013-April-17
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-042 - RESTful Web Services (RESTWS) - Denial of Service

By Drupal Security Team on 10 Apr 2013 at 15:52 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-042
Project: RESTful Web Services (third-party module)
Version: 7.x
Date: 2013-April-10
Security risk: Critical
Exploitable from: Remote
Vulnerability: Denial of Service

SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass

By Drupal Security Team on 3 Apr 2013 at 18:04 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-041
Project: Chaos tool suite (ctools) (third-party module)
Version: 7.x
Date: 2013-April-03
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-040 - Commerce Skrill (Formerly Moneybookers) - Access bypass

By Drupal Security Team on 3 Apr 2013 at 17:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-040
Project: Commerce Skrill (Formerly Moneybookers) (third-party module)
Version: 7.x
Date: 2013-April-03
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-039 - Commons Wikis - Access bypass & Privilege escalation

By Drupal Security Team on 27 Mar 2013 at 20:34 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-039
Project: Commons Wikis (third-party module)
Version: 7.x
Date: 2013-March-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass, Multiple vulnerabilities

SA-CONTRIB-2013-038 - Commons Groups - Access bypass & Privilege escalation

By Drupal Security Team on 27 Mar 2013 at 20:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-038
Project: Commons Groups (third-party module)
Version: 7.x
Date: 2013-March-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass, Multiple vulnerabilities

SA-CONTRIB-2013-037 - Rules - Cross Site Scripting (XSS)

By Drupal Security Team on 27 Mar 2013 at 17:46 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-037
Project: Rules (third-party module)
Version: 7.x
Date: 2013-March-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-036 - Zero Point - Cross Site Scripting (XSS)

By Drupal Security Team on 27 Mar 2013 at 17:44 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-036
Project: Zero Point (third-party module)
Version: 7.x
Date: 2013-March-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)

By Drupal Security Team on 20 Mar 2013 at 20:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-035
Project: Views (third-party module)
Version: 7.x
Date: 2013-March-20
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS