Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2009-070 - Shibboleth authentication - Impersonation, privilege escalation

By coltrane on 14 Oct 2009 at 17:21 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-070
Project: Shibboleth authentication (third-party module)
Version: 6.x, 5.x
Date: 2009-October-14
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Impersonation, privilege escalation

SA-CONTRIB-2009-068 - Boost - Filesystem Directory Creation

By Drupal Security Team on 30 Sep 2009 at 20:50 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-068
Project: Boost (third-party module)
Version: 6.x-1.*
Date: 2009-09-30
Security risk: Low
Exploitable from: Remote
Vulnerability: Filesystem Directory Creation

SA-CONTRIB-2009-069 - Shared Sign On - Cross Site Scripting

By Drupal Security Team on 30 Sep 2009 at 20:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-069
Project: Shared Sign On (third-party module)
Version: 5.x, 6.x
Date: 2009 September 30
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CONTRIB-2009-067 Dex module - Cross Site Scripting, no longer maintained

By Drupal Security Team on 30 Sep 2009 at 18:59 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-067
Project: Dex: Contact Information Manager (third-party module)
Version: 5.x, 6.x
Date: 2009-Sept-30
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2009-066 - Organic Groups - Cross Site Scripting

By Drupal Security Team on 30 Sep 2009 at 18:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-066
Project: Organic Groups (third-party module)
Version: 5.x, 6.x
Date: 2009-September-30
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2009-065 - Browscap - Cross Site Scripting

By greggles on 30 Sep 2009 at 17:31 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-065
Project: Browscap (third-party module)
Version: 5.x, 6.x
Date: 2009-September-30
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS