Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-102
  • Project: Ubercart AJAX Cart (third-party module)
  • Version: 6.x
  • Date: 2012-June-13
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
Categories: Drupal 6.x

SA-CONTRIB-2012-101 - Protected Node - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-101
  • Project: Protected node (third-party module)
  • Version: 6.x
  • Date: 2012-June-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x

SA-CONTRIB-2012-100 - SimpleMeta - Cross Site Request Forgery (CSRF)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-100
  • Project: SimpleMeta (third-party module)
  • Version: 6.x
  • Date: 2012-June-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery
Categories: Drupal 6.x

SA-CONTRIB-2012-099 - Node Hierarchy - Cross Site Request Forgery (CSRF)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-099
  • Project: Node Hierarchy (third-party module)
  • Version: 6.x
  • Date: 2012-June-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Request Forgery
Categories: Drupal 6.x

SA-CONTRIB-2012-098 - Janrain Capture - Open Redirect

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-098
  • Project: Janrain Capture (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-June-13
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Open Redirect
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-097 - Protest - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-097
  • Project: Protest (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-June-06
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-096 - Authoring HTML - Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-096
  • Project: Authoring HTML (third-party module)
  • Version: 6.x
  • Date: 2012-June-06
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
Categories: Drupal 6.x

SA-CONTRIB-2012-095 - Simplenews - Information Disclosure

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-095
  • Project: Simplenews (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-June-06
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure
Categories: Drupal 6.x, Drupal 7.x

SA-CONTRIB-2012-094 - Maestro module - Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS)

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-094
  • Project: Maestro (third-party module)
  • Version: 7.x
  • Date: 2012-June-06
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting, Cross Site Request Forgery
Categories: Drupal 7.x

SA-CONTRIB-2012-093 - Node Embed - Access Bypass

By Drupal Security Team on
  • Advisory ID: DRUPAL-SA-CONTRIB-2012-093
  • Project: Node Embed (third-party module)
  • Version: 6.x, 7.x
  • Date: 2012-June-06
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 6.x, Drupal 7.x

Pages

Subscribe with RSS Subscribe to Security advisories