Deprecated - Security advisories for contributed projects

This forum is deprecated — view current Drupal contributed projects security advisories

SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Local File Inclusion and Cross Site Scripting (XSS)

By Drupal Security Team on 8 Aug 2012 at 18:12 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-125
Project: Chaos tool suite (ctools) (third-party module)
Version: 6.x, 7.x
Date: 2012-August-8
Security risk: Critical
Exploitable from: Remote
Vulnerability: Local File Inclusion and Cross Site Scripting

SA-CONTRIB-2012-124 - Mime Mail - Access Bypass

By Drupal Security Team on 8 Aug 2012 at 17:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-124
Project: Mime Mail (third-party module)
Version: 6.x
Date: 2012-August-8
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-123 - Shibboleth authentication - Access Bypass

By Drupal Security Team on 8 Aug 2012 at 17:08 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-123
Project: Shibboleth authentication (third-party module)
Version: 6.x
Date: 2012-August-8
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-CONTRIB-2012-122 - Better Revisions - Cross Site Scripting (XSS)

By Drupal Security Team on 8 Aug 2012 at 16:18 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-122
Project: Better Revisions (third-party module)
Version: 7.x
Date: 2012-August-08
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS)

By Drupal Security Team on 8 Aug 2012 at 15:57 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-121
Project: Shorten URLs (third-party module)
Version: 6.x, 7.x
Date: 2012-August-8
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

SA-CONTRIB-2012-120 - Monthly Archive by Node Type - Access Bypass (unsupported)

By Drupal Security Team on 1 Aug 2012 at 15:26 UTC

Advisory ID: DRUPAL-SA-CONTRIB-2012-120
Project: Monthly Archive by Node Type (third-party module)
Version: 6.x
Date: 2012-August-1
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

Pages

Subscribe with RSS