Image pager - Cross site scripting

By Heine on
  • Advisory ID: DRUPAL-SA-2007-008
  • Project: Image Pager (third-party module)
  • Version: 4.7.x-1.x-dev, 5.x-1.x-dev
  • Date: 2007-02-15
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

Textimage - response validation bypass

By Heine on
  • Advisory ID: DRUPAL-SA-2007-007
  • Project: Textimage (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-31
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Captcha bypass

Captcha - response validation bypass

By Heine on
  • Advisory ID: DRUPAL-SA-2007-006
  • Project: Captcha (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-30
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Captcha bypass

Project and Project issue tracking - Multiple vulnerabilities

By dww on
  • Advisory ID: DRUPAL-SA-2007-004.
  • Project: Project and Project issue tracking (third party modules).
  • Date: 2007-Jan-23.
  • Security risk: Moderately critical.
  • Exploitable from: Remote.
  • Vulnerability: Access bypass, Cross site scripting, and unsafe file upload handling.

Acidfree - SQL injection

By Heine on
  • Advisory ID: DRUPAL-SA-2007-003.
  • Project: Acidfree (third-party module).
  • Version: 4.6.x, 4.7.x
  • Date: 2007-Jan-23.
  • Security risk: Highly critical.
  • Exploitable from: Remote.
  • Vulnerability: SQL Injection.

MySite - Cross site scripting

By Heine on
  • Advisory ID: DRUPAL-SA-2006-032.
  • Project: MySite (third-party module).
  • Version: 4.7.0, 4.7.x-3.2, 5.x-1.2.
  • Date: 2006-12-18.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Cross site scripting.

Pages

Subscribe with RSS Subscribe to RSS - Deprecated - Security advisories for contributed projects