SA-2007-022 - Boost - file overwrite

By bjaspan on
  • Advisory ID: DRUPAL-SA-2007-022.
  • Project: Boost (third-party module)
  • Version: 4.7.x-1.*, 5.x-0.*
  • Date: 2007-10-03
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Filesystem overwrite

SA-2007-021: Project issue tracking - XSS vulnerabilities in subscription forms.

By hunmonk on
  • Advisory ID: DRUPAL-SA-2007-021.
  • Project: Project issue tracking (third-party module)
  • Version: 4.7.x-1.x, 4.7.x-2.x, 5.x-1.x
  • Date: 2007-Sep-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

Project and Project issue tracking - Access bypass

By dww on
  • Advisory ID: DRUPAL-SA-2007-020.
  • Project: Project and Project issue tracking (third-party modules)
  • Version: 4.7.x-1.*, 4.7.x-2.*, 5.x-0.*
  • Date: 2007-Aug-20
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Content Construction Kit - Cross site scripting

By Heine on
  • Advisory ID: DRUPAL-SA-2007-019
  • Project: Content Construction Kit (CCK) (third-party module)
  • Version: 4.7.x-1.x, 5.x-1.x
  • Date: 2007-August-13
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

LoginToboggan - Cross site scripting

By dww on
  • Advisory ID: DRUPAL-SA-2007-016
  • Project: LoginToboggan (third-party module)
  • Version: 4.7.x-1.0, 4.7.x-1.x-dev, 5.x-1.x-dev
  • Date: 2007-07-12
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

Forward - Access bypass

By AjK on
  • Advisory ID: DRUPAL-SA-2007-015
  • Project: Forward (third-party module)
  • Version: 5.x and 4.7.x
  • Date: 2007-July-09
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

Pages

Subscribe with RSS Subscribe to RSS - Deprecated - Security advisories for contributed projects