Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2009-010 Plus 1 - Cross-site request forgery

By Drupal Security Team on 18 Mar 2009 at 17:54 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-010
Project: Plus 1 (third-party module)
Version: 6.x
Date: 2009 March 18
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Cross-site request forgery (CSRF)

SA-CONTRIB-2009-009 Forward module can be used as a spam relay

By Drupal Security Team on 11 Mar 2009 at 16:17 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-009
Project: Forward
Versions: 5.x, 6.x
Date: 2009-March-11
Security risk: Highly Critical
Exploitable from: Remote
Vulnerability: Unrestricted e-mailing (spam)

SA-CONTRIB-2009-008 - Taxonomy Theme - Cross site scripting

By Drupal Security Team on 28 Feb 2009 at 19:33 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-008
Project: Taxonomy Theme (third-party module)
Version: 5.x
Date: 2009 February 28
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross-site scripting (XSS)

SA-CONTRIB-2009-007 - Advertisement Cross-site scripting

By greggles on 11 Feb 2009 at 20:46 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-007
Project: Advertisement module (third-party module)
Versions: 5.x, 6.x
Date: 2009 February 11
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross-site scripting (XSS)

SA-CONTRIB-2009-006 - Troll - Cross site request forgeries

By Drupal Security Team on 11 Feb 2009 at 18:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-006
Project: Troll (third-party module)
Version: 5.x
Date: 2009 February 11
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross-site request forgeries (CSRF)

SA-CONTRIB-2009-005 - Views bulk operations - Cross site scripting

By Drupal Security Team on 4 Feb 2009 at 18:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2009-005
Project: Views bulk operations (third-party module)
Version: 5.x, 6.x
Date: 2009 February 04
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross-site scripting (XSS)

Pages

Subscribe with RSS