This forum is deprecated — view current Drupal core security advisories

SA-2007-030 - Drupal Core - API handling of unpublished comment.

By heine on
  • Advisory ID: DRUPAL-SA-2007-030
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass
Categories: Drupal 4.7.x, Drupal 5.x

SA-2007-029 - Drupal core - User deletion cross site request forgery

By heine on
  • Advisory ID: DRUPAL-SA-2007-029
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery
Categories: Drupal 5.x

SA-2007-026 - Drupal Core - Cross site scripting via uploads

By heine on
  • Advisory ID: DRUPAL-SA-2007-026
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting
Categories: Drupal 4.7.x, Drupal 5.x

SA-2007-025 - Drupal core - Arbitrary code execution via installer.

By heine on
  • Advisory ID: DRUPAL-SA-2007-025
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution
Categories: Drupal 5.x

SA-2007-024 - Drupal Core - HTTP response splitting

By heine on
  • Advisory ID: DRUPAL-SA-2007-024
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: HTTP response splitting
Categories: Drupal 4.7.x, Drupal 5.x

Drupal core - Multiple cross site scripting vulnerabilities

By heine on
  • Advisory ID: DRUPAL-SA-2007-018
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-July-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site scripting vulnerabilities
Categories: Drupal 4.7.x, Drupal 5.x

Pages

Subscribe with RSS Subscribe to RSS - Deprecated - Security advisories for Drupal core