Security updates
SA-CONTRIB-2010-078 - Kaltura - Information disclosure
- Advisory ID: DRUPAL-SA-CONTRIB-2010-078
- Project: Kaltura (third-party module)
- Versions: 5.x, 6.x
- Date: 2010-July-28
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Information disclosure
Categories: Drupal, Security updates
SA-CONTRIB-2010-077 - Sage Pay (former Protx) Direct Payment Gateway for Ubercart - Information Disclosure
- Advisory ID: DRUPAL-SA-CONTRIB-2010-077
- Project: Sage Pay Direct Payment Gateway for Ubercart (third-party module)
- Version: 5.x, 6.x
- Date: 2010-July-28
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Information Disclosure
Categories: Drupal, Security updates
SA-CONTRIB-2010-076 - Dashboard - Cross Site Scripting (CSS)
- Advisory ID: SA-CONTRIB-2010-076
- Project: Dashboard (third-party module)
- Version: 6.x
- Date: 2010-July-28
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Drupal, Security updates
phpMyAdmin 3.3.5 is released
Welcome to phpMyAdmin 3.3.5, a bugfix release.
Categories: Security updates
SA-CONTRIB 2010-075 - Tagging - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-075
- Project: Tagging (third-party module)
- Version: 6.x
- Date: 2010-July 21
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Drupal, Security updates
phpMyAdmin 3.3.5-rc1 is released
Welcome to the first release candidate for phpMyAdmin 3.3.5, a bugfix release.
Categories: Security updates
SA-CONTRIB-2010-074 - Drupad - Cross-site request forgery
- Advisory ID: DRUPAL-SA-CONTRIB-2010-074
- Projects: Drupad (third-party module)
- Version: 6.x
- Date: 2010-07-14
- Security risks: Critical
- Exploitable from: Remote
- Vulnerability: CSRF
Categories: Drupal, Security updates
SA-CONTRIB-2010-073 - Multiple Vulnerabilities In Multiple Contributed Modules
- Advisory ID: DRUPAL-SA-CONTRIB-2010-073
- Projects: Multiple third party modules - Simple Gallery, OG Menu, Tell A Friend Node, JsMath For Displaying Mathematics With TeX
- Version: 5.x, 6.x
- Date: 2010-July-14
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Multiple (Cross Site Scripting, Email Header Injection)
Categories: Drupal, Security updates
SA-CONTRIB-2010-072: Hierarchical Select - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-0XX
- Project: Hierarchical Select (third-party module)
- Version: 5.x, 6.x
- Date: 2010-July-07
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Drupal, Security updates
SA-CONTRIB-2010-071 - MultiSafepay Integration - Cross Site Request Forgery
- Advisory ID: DRUPAL-SA-CONTRIB-2010-071
- Project: MultiSafepay Integration (third-party module)
- Version: 6.x
- Date: 2010-July-07
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Request Forgery
Categories: Drupal, Security updates
phpMyAdmin 3.3.4 is released
Welcome to phpMyAdmin 3.3.4, a bugfix release.
Categories: Security updates
SA-CONTRIB-2010-070 - Multiple vulnerabilities in multiple contributed modules
- Advisory ID: DRUPAL-SA-CONTRIB-2010-070
- Projects: Multiple third party modules - Easy Translator, Block Queue, Multiple Image Upload (Imagex)
- Version: 5.x, 6.x
- Date: 2010-06-23
- Security risks: Critical
- Exploitable from: Remote
- Vulnerability: Multiple (SQL Injection, CSRF, Access bypass)
Categories: Drupal, Security updates
SA-CONTRIB-2010-069 - Case Tracker - Multiple Vulnerabilities
- Advisory ID: DRUPAL-SA-CONTRIB-2010-069
- Project: Case Tracker (third-party module)
- Version: 5.x
- Date: 2010-June-23
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Multiple Vulnerabilities
Categories: Drupal, Security updates
SA-CONTRIB-2010-068 - Masquerade - Cross Site Request Forgery
- Advisory ID: DRUPAL-SA-CONTRIB-2010-068
- Project: Masquerade (third-party module)
- Version: 5.x, 6.x
- Date: 2010-June-23
- Security risk: Not critical
- Exploitable from: Remote
- Vulnerability: Cross Site Request Forgery
Categories: Drupal, Security updates
phpMyAdmin 3.3.4-rc1 is released
Welcome to the first release candidate for phpMyAdmin 3.3.4, a bugfix release.
Categories: Security updates
SA-CONTRIB-2010-067 - Views - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-CONTRIB-2010-067
- Project: Views (third-party module)
- Version: 5.x, 6.x
- Date: 2010-June-16
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
Categories: Drupal, Security updates
SA-CONTRIB-2010-066 - FileField - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2010-066
- Project: FileField (third-party module)
- Version: 5.x, 6.x
- Date: 2010-June-16
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Categories: Drupal, Security updates
PSA-2010-002 - Views - Administer views permission
- Advisory ID: PSA-2010-002
- Project: Views (third-party module)
- Versions: 5.x, 6.x
- Date: 2010-June-16
- Security risk: Not critical
Categories: Drupal, Security updates
SA-CONTRIB-2010-065 - Content Construction Kit (CCK) - Access Bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2010-065
- Project: Content Construction Kit (CCK) (third-party module)
- Version: 5.x, 6.x
- Date: 2010-June-16
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Access Bypass
Categories: Drupal, Security updates
SA-CONTRIB-2010-064 - Ubercart MIGS Payment Gateway - Web Parameter Tampering
- Advisory ID: DRUPAL-SA-CONTRIB-2010-064
- Project: Ubercart MIGS Payment Gateway (third-party module)
- Versions: 6.x
- Date: 2010-Jun-16
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Web Parameter Tampering
Categories: Drupal, Security updates
