Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CORE-2013-001
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2013-January-16
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Access bypass
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2013-005 - Mark Complete Module - Cross Site Request Forgery (CSRF)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-005
  • Project: Mark Complete (third-party module)
  • Version: 7.x
  • Date: 2013-January-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery
Categories: Drupal 7.x

SA-CONTRIB-2013-004 - Live CSS - Arbitrary Code Execution

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-004
  • Project: Live CSS (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-January-16
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary PHP code execution
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2013-003 - RESTful Web Services - Cross site request forgery (CSRF)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-003
  • Project: RESTful Web Services (third-party module)
  • Version: 7.x
  • Date: 2013-January-16
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery
Categories: Drupal 7.x

SA-CONTRIB-2013-002 - Payment - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-002
  • Project: Payment (third-party module)
  • Version: 7.x
  • Date: 2013-January-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 7.x

SA-CONTRIB-2013-001 - Search API - Cross Site Scripting

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2013-001
  • Project: Search API (third-party module)
  • Version: 7.x
  • Date: 2013-January-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 7.x

SA-CORE-2012-004 - Drupal core - Multiple vulnerabilities

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CORE-2012-004
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2012-December-19
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Arbitrary PHP code execution
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-174 - Context - Information Disclosure

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-174
  • Project: Context (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-12-19
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-173 - Nodewords: Information disclosure

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-173
  • Project: Nodewords: D6 Meta Tags (third-party module)
  • Version: 6.x
  • Date: 2012-December-05
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
Categories: Drupal 6.x

SA-CONTRIB-2012-172 - Zero Point - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-172
  • Project: Zero Point (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-November-28
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x, Drupal 7.x

Pages

Subscribe with RSS Subscribe to Security advisories