HomeNews aggregatorSources

Drupal security feed

Syndicate content
This list is for security announcements sent out be the Drupal security team.
URL: http://drupal.org/taxonomy/term/44/0
Updated: 7 hours 12 min ago

SA-2008-071 - User Karma - Multiple vulnerabilities

Wed, 11/26/2008 - 15:47
  • Advisory ID: DRUPAL-SA-2008-071
  • Project: User Karma
  • Versions: 5.x and 6.x
  • Date: 2008-November-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection, Cross-site scripting (XSS)

read more

Categories: Drupal, Security updates

SA-2008-070 - Comment Mail - Cross site request forgery

Wed, 11/26/2008 - 13:40
  • Advisory ID: DRUPAL-SA-2008-070
  • Project: Comment Mail
  • Versions: 5.x
  • Date: 2008-November-26
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

read more

Categories: Drupal, Security updates

SA-2008-069 - CCK for 5.x and 6.x - XSS vulnerabilities

Wed, 11/05/2008 - 13:51
  • Advisory ID: DRUPAL-SA-2008-069
  • Project: Content Construction Kit (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2008-November-5
  • Security risk: Minor
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal, Security updates

SA-2008-068 - Localization client and Localization server - Cross site request forgery

Wed, 10/22/2008 - 15:34
  • Advisory ID: DRUPAL-SA-2008-068
  • Project: Localization client and Localization server (third-party modules)
  • Versions: 5.x, 6.x
  • Date: 2008-October-22
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

read more

Categories: Drupal, Security updates

SA-2008-067 - Drupal core - Multiple vulnerabilities

Wed, 10/22/2008 - 14:06
  • Advisory ID: DRUPAL-SA-2008-067
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2008-October-22
  • Security risk: Less Critical
  • Exploitable from: Local/Remote
  • Vulnerability: Multiple vulnerabilities

read more

Categories: Drupal, Security updates

SA-2008-066 - Shindig-Integrator - Multiple vulnerabilities

Wed, 10/15/2008 - 14:02
  • Advisory ID: DRUPAL-SA-2008-066
  • Project: Shindig-Integrator (third-party module)
  • Versions: 5.x
  • Date: 2008-October-15
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

read more

Categories: Drupal, Security updates

SA-2008-065 - Node Clone - Access bypass

Wed, 10/15/2008 - 13:27
  • Advisory ID: DRUPAL-SA-2008-065
  • Project: Node Clone (third-party module)
  • Version: 6.x, and 5.x.
  • Date: 2008-October-15
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

Categories: Drupal, Security updates

SA-2008-064 - Node Vote - SQL injection vulnerability

Wed, 10/15/2008 - 11:46
  • Advisory ID: DRUPAL-SA-2008-064
  • Project: Node Vote (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-October-15
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection

read more

Categories: Drupal, Security updates

SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates

Thu, 10/09/2008 - 14:41
  • Advisory ID: DRUPAL-SA-2008-063
  • Project: Several Third-Party Modules incorrectly updated for the Drupal 6 menu system
  • Version: 6.x
  • Date: 2008-October-8
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

Categories: Drupal, Security updates

SA-2008-062 - SIOC - access bypass

Wed, 10/08/2008 - 16:47
  • Advisory ID: DRUPAL-SA-2008-062
  • Project: SIOC (third-party module)
  • Versions: 5.x and 6.x
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

Categories: Drupal, Security updates

SA-2008-061 - Everyblog - Multiple vulnerabilities

Wed, 10/08/2008 - 16:45
  • Advisory ID: DRUPAL-SA-2008-061
  • Project: EveryBlog (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-October-08
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability:SQL injection, Cross-site scripting (XSS), Privilege escalation, access bypass

read more

Categories: Drupal, Security updates

SA-2008-060 - Drupal core - Multiple vulnerabilities

Wed, 10/08/2008 - 16:43
  • Advisory ID: DRUPAL-SA-2008-060
  • Project: Drupal core
  • Versions: 5.x and 6.x
  • Date: 2008-October-8
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

read more

Categories: Drupal, Security updates

SA-2008-059 - Brilliant Gallery - SQL Injection and Cross Site Scripting

Wed, 10/01/2008 - 15:24
  • Advisory ID: DRUPAL-SA-2008-059
  • Project: Brilliant Gallery (third-party module)
  • Versions: 5.x
  • Date: 2008-October-1
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection and Cross Site Scripting

read more

Categories: Drupal, Security updates

SA-2008-058 - Brilliant Gallery - SQL Injection

Wed, 09/24/2008 - 17:42
  • Advisory ID: DRUPAL-SA-2008-058
  • Project: Brilliant Gallery (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2008-September-25
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection

read more

Categories: Drupal, Security updates

SA-2008-057 - Ajax Checklist - Multiple vulnerabilities

Wed, 09/24/2008 - 14:48
  • Advisory ID: DRUPAL-SA-2008-057
  • Project: Ajax Checklist (third-party module)
  • Versions: 5.x
  • Date: 2008-September-24
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: SQL injection, Cross site scripting

read more

Categories: Drupal, Security updates

SA-2008-056 - Simplenews - Cross site scripting

Wed, 09/24/2008 - 13:58
  • Advisory ID: DRUPAL-SA-2008-056
  • Project: Simplenews (third-party module)
  • Versions: 5.x, 6.x
  • Date: 2008-September-24
  • Security risk: Not Critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal, Security updates

SA-2008-055 - Stock - Cross site scripting

Wed, 09/24/2008 - 13:13
  • Advisory ID: DRUPAL-SA-2008-055
  • Project: Stock (third-party module)
  • Versions: 6.x
  • Date: 2008-September-24
  • Security risk: Moderately Critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal, Security updates

SA-2008-054 - Plugin Manager - Access bypass

Wed, 09/24/2008 - 11:54
  • Advisory ID: DRUPAL-SA-2008-054
  • Project: Plugin Manager (third-party module)
  • Versions: 6.x
  • Date: 2008-September-24
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

Categories: Drupal, Security updates

SA-2008-053 - Answers - Cross site scripting

Thu, 09/18/2008 - 08:31
  • Advisory ID: DRUPAL-SA-2008-053
  • Project: Answers (third-party module)
  • Versions: 5.x
  • Date: 2008-September-18
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal, Security updates

SA-2008-052 - Link To Us - Cross site scripting

Wed, 09/17/2008 - 14:13
  • Advisory ID: DRUPAL-SA-2008-052
  • Project: Link To Us (third-party module)
  • Versions: 5.x
  • Date: 2008-September-17
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal, Security updates
12next ›last »