Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2013-011 - email2image - Access Bypass - Unsupported

By Drupal Security Team on 30 Jan 2013 at 16:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-011
Project: email2image (third-party module)
Version: 6.x
Date: 2013-January-30
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-010 - Search API sorts - Cross Site Scripting (XSS)

By Drupal Security Team on 23 Jan 2013 at 17:15 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-010
Project: Search API sorts (third-party module)
Version: 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-009 - Keyboard Shortcut Utility - Access Bypass - module unsupported

By Drupal Security Team on 23 Jan 2013 at 16:45 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-009
Project: Keyboard Shortcut Utility (third-party module)
Version: 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2013-008 - CurvyCorners - Cross Site Scripting (XSS) - module unsupported

By Drupal Security Team on 23 Jan 2013 at 16:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-008
Project: CurvyCorners (third-party module)
Version: 6.x, 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-007 User Relationships - Cross Site Scripting (XSS)

By Drupal Security Team on 23 Jan 2013 at 16:10 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-007
Project: User Relationships (third-party module)
Version: 6.x, 7.x
Date: 2013-January-23
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2013-006 - Video - Arbitrary Code Execution

By Drupal Security Team on 23 Jan 2013 at 16:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2013-006
Project: Video (third-party module)
Version: 7.x
Date: 2013-January-23
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Arbitrary PHP code execution

Pages

Subscribe with RSS