Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2012-155 - ShareThis - Cross Site Scripting (XSS)

By Drupal Security Team on 10 Oct 2012 at 17:03 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-155
Project: ShareThis (third-party module)
Version: 7.x
Date: 2012-October-10
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-154 - Basic webmail - Multiple vulnerabilities

By Drupal Security Team on 10 Oct 2012 at 17:01 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-154
Project: Basic webmail (third-party module)
Version: 6.x
Date: 2012-October-10
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting, Information Disclosure, Multiple vulnerabilities

SA-CONTRIB-2012-153 - Mandrill - Information Disclosure

By Drupal Security Team on 10 Oct 2012 at 16:56 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-153
Project: Mandrill (third-party module)
Version: 7.x
Date: 2012-October-10
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Information Disclosure

SA-CONTRIB-2012-152 - Feeds - Access bypass

By Drupal Security Team on 10 Oct 2012 at 16:47 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-152
Project: Feeds (third-party module)
Version: 7.x
Date: 2012-October-10
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-151 - Commerce Extra Panes - Cross Site Request Forgery

By Drupal Security Team on 3 Oct 2012 at 15:40 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-151
Project: Commerce extra panes (third-party module)
Version: 7.x
Date: 2012-October-3
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Request Forgery

SA-CONTRIB-2012-150 - Twitter Pull - Cross Site Scripting (XSS)

By Drupal Security Team on 3 Oct 2012 at 15:20 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-150
Project: Twitter Pull (third-party module)
Version: 6.x, 7.x
Date: 2012-October-03
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Pages

Subscribe with RSS