Deprecated - Security advisories for contributed projects
This forum is deprecated: view current Drupal contributed projects security advisories
Form_mail module allows arbitrary header injection
By chx on 4 Jul 2006 at 17:40 UTC
Advisory ID: DRUPAL-SA-2006-009
Project: form_mail
Date: 2006-Jul-4
Security risk: moderately critical
Impact: security bypass
Exploitable from: remote
Vulnerability: mail header injection attack
XSS vulnerability in project module
By Dries on 8 May 2006 at 09:09 UTC
Project: project module (contributed module)
Security risk: less critical
Impact: project module
Where: from remote
Vulnerability: malicious HTML execution and XSS attacks
Unintentionally logging credit card transactions
By chx on 31 Oct 2005 at 21:10 UTC
Advisory ID: DRUPAL-SA-2005-006
Project: ecommerce
Date: 2005-Oct-30
Security risk: critical
Impact: authorize_net module, which is a part of the ecommerce package
Exploitable from: local
Vulnerability: System is unintentionally logging credit card transactions, including card numbers.
SQL injection and PHP code execution
By chx on 3 Oct 2005 at 18:18 UTC
Advisory ID: DRUPAL-SA-2005-005
Project: flexinode
Date: 2005-Oct-03
Security risk: highly critical
Impact: flexinode module
Exploitable from: remote
Vulnerability: SQL injection and PHP execution by bypassing input format check