Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS)

By Drupal Security Team on 28 Nov 2012 at 19:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-167
Project: Mixpanel (third-party module)
Version: 6.x
Date: 2012-November-28
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-166 - Table of Contents - Access Bypass

By Drupal Security Team on 14 Nov 2012 at 21:14 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-166
Project: Table of Contents (third-party module)
Version: 6.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Nov 2012 at 20:44 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-165
Project: Chaos tool suite (ctools) (third-party module)
Version: 6.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS)

By Drupal Security Team on 14 Nov 2012 at 19:06 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-164
Project: Smiley (third-party module)
Project: Smileys (third-party module)
Version: 6.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-163 - User Read-Only - Permission escalation

By Drupal Security Team on 14 Nov 2012 at 19:03 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-163
Project: User Read-Only (third-party module)
Version: 6.x, 7.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF)

By Drupal Security Team on 14 Nov 2012 at 16:55 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-162
Project: RESTful Web Services (third-party module)
Version: 7.x
Date: 2012-November-14
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

Pages

Subscribe with RSS