These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-2007-030 - Drupal Core - API handling of unpublished comment.

  • Advisory ID: DRUPAL-SA-2007-030
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2007-029 - Drupal core - User deletion cross site request forgery

  • Advisory ID: DRUPAL-SA-2007-029
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

SA-2007-026 - Drupal Core - Cross site scripting via uploads

  • Advisory ID: DRUPAL-SA-2007-026
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2007-025 - Drupal core - Arbitrary code execution via installer.

  • Advisory ID: DRUPAL-SA-2007-025
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

SA-2007-024 - Drupal Core - HTTP response splitting

  • Advisory ID: DRUPAL-SA-2007-024
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: HTTP response splitting

Drupal core - Multiple cross site scripting vulnerabilities

  • Advisory ID: DRUPAL-SA-2007-018
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-July-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site scripting vulnerabilities

Drupal core - Cross site request forgeries

  • Advisory ID: DRUPAL-SA-2007-017
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-July-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site request forgeries

DRUPAL-SA-2007-005 - Drupal core - Arbitrary code execution

  • Advisory ID: DRUPAL-SA-2007-005
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-29
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

Drupal core - Denial of service

  • Advisory ID: DRUPAL-SA-2007-002.
  • Project: Drupal Core.
  • Version: 4.6, 4.7
  • Date: 2007-Jan-05.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Denial of service.

Drupal core - Cross site scripting

  • Advisory ID: DRUPAL-SA-2007-001.
  • Project: Drupal Core.
  • Version: 4.6, 4.7.
  • Date: 2007-Jan-05.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Cross site scripting.

Pages

Subscribe with RSS Subscribe to Security advisories