Deprecated - Security advisories for contributed projects | Drupal.org

This forum is deprecated — view current Drupal contributed projects security advisories

Form_mail module allows arbitrary header injection

By chx on 4 Jul 2006 at 17:40 UTC

Advisory ID: DRUPAL-SA-2006-009
Project: form_mail
Date: 2006-Jul-4
Security risk: moderately critical
Impact: security bypass
Exploitable from: remote
Vulnerability: mail header injection attack

XSS vulnerability in project module

By Dries on 8 May 2006 at 09:09 UTC

Project: project module (contributed module)
Security risk: less critical
Impact: project module
Where: from remote
Vulnerability: malicious HTML execution and XSS attacks

Unintentionally logging credit card transactions

By chx on 31 Oct 2005 at 21:10 UTC

Advisory ID: DRUPAL-SA-2005-006
Project: ecommerce
Date: 2005-Oct-30
Security risk: critical
Impact: authorize_net module, which is a part of the ecommerce package
Exploitable from: local
Vulnerability: System is unintentionally logging credit card transactions, including card numbers.

SQL injection and PHP code execution

By chx on 3 Oct 2005 at 18:18 UTC

Advisory ID: DRUPAL-SA-2005-005
Project: flexinode
Date: 2005-Oct-03
Security risk: highly critical
Impact: flexinode module
Exploitable from: remote
Vulnerability: SQL injection and PHP execution by bypassing input format check

Pages

Subscribe with RSS