Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access Bypass

By Drupal Security Team on 7 Nov 2012 at 21:11 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-161
Project: Webform CiviCRM Integration (third-party module)
Version: 7.x
Date: 2012-November-07
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS)

By Drupal Security Team on 7 Nov 2012 at 21:04 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-160
Project: OM Maximenu (third-party module)
Version: 6.x, 7.x
Date: 2012-November-07
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-159 - Password policy - Information leakage of hashed passwords

By Drupal Security Team on 31 Oct 2012 at 18:39 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-159
Project: Password policy (third-party module)
Version: 6.x, 7.x
Date: 2012-October-31
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS)

By Drupal Security Team on 24 Oct 2012 at 18:19 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-158
Project: MailChimp (third-party module)
Version: 7.x
Date: 2012-October-24
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-157 - Time Spent - Multiple Vulnerabilities - (unsupported)

By Drupal Security Team on 24 Oct 2012 at 16:49 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-157
Project: Time Spent (third-party module)
Version: 6.x, 7.x
Date: 2012-October-24
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Cross Site Request Forgery, SQL Injection, Multiple vulnerabilities

SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery (CSRF)

By Drupal Security Team on 17 Oct 2012 at 18:41 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-156
Project: Search API (third-party module)
Version: 7.x
Date: 2012-October-17
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

Pages

Subscribe with RSS