Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2011-004 - Multiple Vulnerabilities In Multiple Contributed Modules

By Drupal Security Team on 2 Feb 2011 at 18:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-004
Projects: Multiple third party modules - OG Forum, Open Legislation, PowerSQL
Version: 6.x
Date: 2011-February-02
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple (Information disclosure, Cross Site Scripting, Cross Site Request Forgery, SQL injection)

SA-CONTRIB-2011-003 - Janrain Engage (RPX) - Multiple Vulnerabilities

By Drupal Security Team on 19 Jan 2011 at 22:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-003
Project: Janrain Engage (formerly RPX) (third-party module)
Version: 6.x
Date: 2011-January-19
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting or Arbitrary Code Execution

SA-CONTRIB-2011-002 - Panels - Cross Site Scripting (XSS)

By Drupal Security Team on 13 Jan 2011 at 01:29 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-002
Project: Panels (third-party module)
Version: 6.x
Date: 2011-January-12
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2011-001 - Webform - SQL Injection

By Drupal Security Team on 10 Jan 2011 at 10:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2011-001
Project: Webform (third-party module)
Version: 6.x
Date: 2011-January-10
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: SQL Injection

SA-CONTRIB-2010-113 - Image - Cross Site Scripting

By Drupal Security Team on 22 Dec 2010 at 21:25 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-113
Project: Image (third-party module)
Version: 5.x, 6.x
Date: 2010-December-22
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2010-112 - oEmbed - Access Bypass

By Drupal Security Team on 22 Dec 2010 at 21:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2010-112
Project: oEmbed (third-party module)
Version: 6.x
Date: 2010-December-22
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Access Bypass

Pages

Subscribe with RSS