Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-142 - Spambot - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-142
  • Project: Spambot (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-September-19
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-141 - Mass Contact - Access bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-141
  • Project: Mass Contact (third-party module)
  • Version: 6.x
  • Date: 2012-September-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2012-140 - Inf08 - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-140
  • Project: Inf08 (third-party module)
  • Version: 6.x
  • Date: 2012-September-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-139 - PDFThumb OS Injection

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-139
  • Project: PDFThumb (third-party module)
  • Version: 7.x
  • Date: 2012-September-12
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: OS Injection
Categories: Drupal 7.x

SA-CONTRIB-2012-138 - Exposed Filter Data - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-138
  • Project: Exposed Filter Data (third-party module)
  • Version: 6.x
  • Date: 2012-September-05
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-137 - Heartbeat - Cross Site Request Forgery (CSRF) in heartbeat_comments

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-137
  • Project: Heartbeat (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-September-5
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-136 - Apache Solr Search Autocomplete - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-136
  • Project: Apache Solr Autocomplete (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-August-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-135
  • Project: CAPTCHA (third-party module)
  • Version: 6.x
  • Date: 2012-August-29
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2012-134 - Views - Privilege Escalation

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-134
  • Project: Views (third-party module)
  • Version: 6.x
  • Date: 2012-August-29
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Privilege escalation
Categories: Drupal 6.x

SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-133
  • Project: Taxonomy Image (third-party module)
  • Version: 6.x
  • Date: 2012-August-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Arbitrary PHP code execution
Categories: Drupal 6.x

Pages

Subscribe with RSS Subscribe to Security advisories