Deprecated - Security advisories for Drupal core | Drupal.org

This forum is deprecated — view current Drupal core security advisories

DRUPAL-SA-2006-004 Mail header injection vulnerability

By jvandyk on 13 Mar 2006 at 21:04 UTC

Advisory ID: DRUPAL-SA-2006-004
Project: Drupal core
Date: 2006-03-13
Security risk: moderately critical
Impact: security bypass
Where: from remote
Vulnerability: mail header injection attack

DRUPAL-SA-2006-003 Session fixation vulnerability

By jvandyk on 13 Mar 2006 at 21:00 UTC

Advisory ID: DRUPAL-SA-2006-003
Project: Drupal core
Date: 2006-03-13
Security risk: less critical
Impact: hijacking
Where: from remote
Vulnerability: session fixation attack

DRUPAL-SA-2006-002 XSS vulnerabilities

By jvandyk on 13 Mar 2006 at 20:45 UTC

Advisory ID: DRUPAL-SA-2006-002
Project: Drupal core
Date: 2006-03-13
Security risk: less critical
Impact: cross-site scripting
Where: from remote
Vulnerability: cross-site scripting

DRUPAL-SA-2006-001 Security bypass in menu.module

By jvandyk on 13 Mar 2006 at 20:21 UTC

Advisory ID: DRUPAL-SA-2006-001
Project: Drupal core
Date: 2006-03-13
Security risk: less critical
Impact: security bypass
Where: from remote
Vulnerability: bypass access control

DRUPAL-SA-2005-009 Bypass "view user profiles" permission

By Dries on 30 Nov 2005 at 21:45 UTC

Advisory ID: DRUPAL-SA-2005-009
Project: Drupal core
Date: 2005-11-30
Security risk: not critical
Impact: normal
Where: from remote
Vulnerability: bypass access control

DRUPAL-SA-2005-008 XSS and HTTP header injection vulnerability with uploaded files

By Dries on 30 Nov 2005 at 21:45 UTC

Advisory ID: DRUPAL-SA-2005-008
Project: Drupal core
Date: 2005-11-30
Security risk: less critical
Impact: normal
Where: from remote
Vulnerability: XSS, HTTP header injection

Pages

Subscribe with RSS