Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-171
  • Project: Webmail Plus (third-party module)
  • Version: 6.x
  • Date: 2012-November-28
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection
Categories: Drupal 6.x

SA-CONTRIB-2012-170 - MultiLink - Access Bypass

By Drupal Security Team on
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-169 - Email Field - Cross Site Scripting and Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-169
  • Project: Email Field (third-party module)
  • Version: 6.x
  • Date: 2012-11-28
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2012-168 - Services - Information Disclosure

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-168
  • Project: Services (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-11-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-167
  • Project: Mixpanel (third-party module)
  • Version: 6.x
  • Date: 2012-November-28
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-166 - Table of Contents - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-166
  • Project: Table of Contents (third-party module)
  • Version: 6.x
  • Date: 2012-November-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-165
  • Project: Chaos tool suite (ctools) (third-party module)
  • Version: 6.x
  • Date: 2012-November-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-164
  • Project: Smiley (third-party module)
  • Project: Smileys (third-party module)
  • Version: 6.x
  • Date: 2012-November-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-163 - User Read-Only - Permission escalation

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-163
  • Project: User Read-Only (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-November-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-162
  • Project: RESTful Web Services (third-party module)
  • Version: 7.x
  • Date: 2012-November-14
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery
Categories: Drupal 7.x

Pages

Subscribe with RSS Subscribe to Security advisories