These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CORE-2012-003 - Drupal core - Arbitrary PHP code execution and Information disclosure

  • Advisory ID: DRUPAL-SA-CORE-2012-003
  • Project: Drupal core
  • Version: 7.x
  • Date: 2012-October-17
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Information Disclosure, Arbitrary PHP code execution

SA-CORE-2012-002 - Drupal core multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2012-002
  • Project: Drupal core
  • Version: 7.x
  • Date: 2012-May-2
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Denial of Service, Access bypass, Unvalidated form redirect

SA-CORE-2012-001 - Drupal core multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2012-001
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2012-February-01
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Cross Site Request Forgery, Multiple vulnerabilities

SA-CORE-2011-003 - Drupal core - Access bypass

  • Advisory ID: DRUPAL-SA-CORE-2011-003
  • Project: Drupal core
  • Version: 7.x
  • Date: 2011-July-27
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CORE-2011-002 - Drupal core - Access bypass

  • Advisory ID: DRUPAL-SA-CORE-2011-002
  • Project: Drupal core
  • Version: 7.x
  • Date: 2011-JUNE-29
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2011-001
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2011-May-25
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Cross Site Scripting

SA-CORE-2010-002 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2010-002
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2010-August-11
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2010-001
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2010-March-03
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting, Open redirect, Authorization vulnerability

SA-CORE-2009-009 - Drupal Core - Cross site scripting

  • Advisory ID: DRUPAL-SA-CORE-2009-009
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-December-16
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-CORE-2009-008 - Drupal core - Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2009-008
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2009-September-16
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

Pages

Subscribe with RSS Subscribe to Security advisories