Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

Project and Project issue tracking XSS

By dww on 18 Dec 2006 at 07:52 UTC

Advisory ID: DRUPAL-SA-2006-031.
Project: Project and Project issue tracking (third party modules).
Date: 2006-Dec-18.
Security risk: Less critical.
Exploitable from: Remote.
Vulnerability: Cross site scripting.

Chatroom - Security bypass

By heine on 11 Dec 2006 at 09:44 UTC

Advisory ID: DRUPAL-SA-2006-030.
Project: Chatroom (third-party module).
Date: 2006-Dec-11.
Security risk: Highly critical.
Exploitable from: Remote.
Vulnerability: Security bypass.

Help Tip - Multiple vulnerabilities

By heine on 11 Dec 2006 at 09:27 UTC

Advisory ID: DRUPAL-SA-2006-029.
Project: Help Tip (third-party module).
Date: 2006-Dec-11.
Security risk: highly critical.
Exploitable from: remote.
Vulnerability: SQL Injection, Cross site scripting.

CVS management/tracker XSS

By heine on 5 Dec 2006 at 20:48 UTC

Advisory ID: DRUPAL-SA-2006-028.
Project: CVS management/tracker (third party module).
Date: 2006-Dec-05.
Security risk: less critical.
Exploitable from: remote.
Vulnerability: Cross site scripting.

Extended Tracker - SQL Injection

By heine on 26 Oct 2006 at 07:30 UTC

Advisory ID: DRUPAL-SA-2006-027
Project: Extended Tracker (xtracker) 4.7
Date: 2006-Oct-26
Security risk: highly critical
Exploitable from: remote
Vulnerability: SQL injection

IMCE file handling vulnerabilities

By heine on 2 Oct 2006 at 20:25 UTC

Advisory ID: DRUPAL-SA-2006-023
Project: IMCE
Date: 2006-October-02
Security risk: highly critical
Exploitable from: remote
Vulnerability: file handling

Pages

Subscribe with RSS