These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-2008-067 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-2008-067
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2008-October-22
  • Security risk: Less Critical
  • Exploitable from: Local/Remote
  • Vulnerability: Multiple vulnerabilities

SA-2008-060 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-2008-060
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2008-October-8
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-2008-047 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-2008-047
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2008-August-13
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-2008-046 - Drupal core - Session fixation

  • Advisory ID: DRUPAL-SA-2008-046
  • Project: Drupal core
  • Version: 5.x
  • Date: 2008-July-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Session fixation

SA-2008-044 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-2008-044
  • Project: Drupal core
  • Version: 5x, 6.x
  • Date: 2008-July-9
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-2008-026 - Drupal core - Access bypass

  • Advisory ID: DRUPAL-SA-2008-026
  • Project: Drupal core
  • Version: 6.x
  • Date: 2008-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2008-018 - Drupal core - Cross site scripting

  • Advisory ID: DRUPAL-SA-2008-018
  • Project: Drupal core
  • Version: 6.0
  • Date: 2008-February-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site scripting vulnerabilities

SA-2008-007 - Drupal core - Cross site scripting (register_globals)

  • Advisory ID: DRUPAL-SA-2008-007
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting when register_globals is enabled.

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

  • Advisory ID: DRUPAL-SA-2008-006
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-005 - Drupal core - Cross site request forgery

  • Advisory ID: DRUPAL-SA-2008-005
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

Pages

Subscribe with RSS Subscribe to Security advisories