Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2011-022 - Cosign - SQL Injection

By Drupal Security Team on 8 Jun 2011 at 17:17 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-022
Project: cosign (third-party module)
Version: 6.x
Date: 2011-June-08
Security risk: Less critical
Exploitable from: Remote
Vulnerability: SQL Injection

SA-CONTRIB-2011-021 - Webform - Multiple Vulnerabilities

By Drupal Security Team on 18 May 2011 at 23:30 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-021
Project: Webform (third-party module)
Version: 6.x, 7.x
Date: 2011-May-18
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Multiple vulnerabilities

SA-CONTRIB-2011-020 - Taxonomy Access Control Lite (tac_lite) - Cross Site Scripting

By Drupal Security Team on 11 May 2011 at 21:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-020
Project: Taxonomy Access Control Lite (third-party module)
Version: 6.x
Date: 2011-May-11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-019 - Menu Access - Cross Site Scripting

By Drupal Security Team on 4 May 2011 at 19:28 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-019
Project: Menu Access (third-party module)
Version: 6.x
Date: 2011-MAY-04
Security risk: Moderately critical (definition of risk levels)
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-018 - Node Reference URL Widget - Cross Site Scripting

By Drupal Security Team on 27 Apr 2011 at 19:07 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-018
Project: Node Reference URL Widget (third-party module)
Version: 6.x, 7.x
Date: 2011-April-27
Security risk: Moderately critical (definition of risk levels)
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-017 - Save Draft - Validation Bypass

By Drupal Security Team on 27 Apr 2011 at 16:05 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-017
Project: Save Draft (third-party module)
Version: 6.x, 7.x
Date: 2011-April-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Validation bypass

Pages

Subscribe with RSS