Deprecated - Security advisories for Drupal core | Drupal.org

This forum is deprecated — view current Drupal core security advisories

SA-2008-026 - Drupal core - Access bypass

By Heine on 9 Apr 2008 at 20:25 UTC

Advisory ID: DRUPAL-SA-2008-026
Project: Drupal core
Version: 6.x
Date: 2008-April-09
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-2008-018 - Drupal core - Cross site scripting

By Gábor Hojtsy on 27 Feb 2008 at 19:23 UTC

Advisory ID: DRUPAL-SA-2008-018
Project: Drupal core
Version: 6.0
Date: 2008-February-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple cross site scripting vulnerabilities

SA-2008-007 - Drupal core - Cross site scripting (register_globals)

By Heine on 10 Jan 2008 at 21:03 UTC

Advisory ID: DRUPAL-SA-2008-007
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2008-January-10
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross site scripting when register_globals is enabled.

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

By Heine on 10 Jan 2008 at 21:02 UTC

Advisory ID: DRUPAL-SA-2008-006
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2008-January-10
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site scripting

SA-2008-005 - Drupal core - Cross site request forgery

By Heine on 10 Jan 2008 at 21:00 UTC

Advisory ID: DRUPAL-SA-2008-005
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2008-January-10
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross site request forgery

SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

By Heine on 5 Dec 2007 at 20:38 UTC

Advisory ID: DRUPAL-SA-2007-031
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2007-December-05
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: SQL Injection

Pages

Subscribe with RSS