drupal security feed

Syndicate content
This list is for security announcements sent out be the Drupal security team.
Updated: 2 min 4 sec ago

SA-2008-043 - Outline designer - Privilege escalation

Wed, 2008-07-02 20:56
  • Advisory ID: DRUPAL-SA-2008-043
  • Project: Outline designer (third-party module)
  • Version: 5.x
  • Date: 2008-July-2
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Privilege escalation

read more

Categories: Drupal

SA-2008-042 - Tinytax - Cross site scripting

Wed, 2008-07-02 20:51
  • Advisory ID: DRUPAL-SA-2008-042
  • Project: Tinytax taxonomy block (third-party module)
  • Version: 5.x
  • Date: 2008-July-2
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal

SA-2008-041 - Taxonomy autotagger - Multiple vulnerabilities

Wed, 2008-07-02 20:48
  • Advisory ID: DRUPAL-SA-2008-041
  • Project: Taxonomy autotagger (third-party module)
  • Version: 5.x
  • Date: 2008-July-2
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting and SQL injection

read more

Categories: Drupal

SA-2008-040 - Organic Groups - Cross site scripting and information disclosure

Wed, 2008-07-02 20:42
  • Advisory ID: DRUPAL-SA-2008-040
  • Project: Organic Groups (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-July-02
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting and information disclosure

read more

Categories: Drupal

SA-2008-039 - Suggested terms - Cross site scripting

Wed, 2008-06-25 18:53
  • Advisory ID: SA-2008-039
  • Project: Suggested terms (third-party module)
  • Versions: 5.x
  • Date: 2008-June-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal

SA-2008-038 - Services - Arbitrary code execution

Wed, 2008-06-18 21:50
  • Advisory ID: DRUPAL-SA-2008-038
  • Project: Services (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-June-18
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

read more

Categories: Drupal

SA-2008-037 - TrailScout - XSS and SQL injection

Wed, 2008-06-18 21:07
  • Advisory ID: DRUPAL-SA-2008-037
  • Project: TrailScout (third-party module)
  • Version: 5.x
  • Date: 2008-June-18
  • Security risk: Higly critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting and SQL injection

read more

Categories: Drupal

SA-2008-036 - Profile search - SQL Injection

Wed, 2008-06-18 15:15
  • Advisory ID: SA-2008-036
  • Project: Profile Search (third-party module)
  • Versions: 5.x
  • Date: 2008-July-18
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

read more

Categories: Drupal

SA-2008-035 - Aggregation - Multiple vulnerabilities

Wed, 2008-06-11 19:44
  • Advisory ID: SA-2008-035
  • Project: Aggregation (third-party module)
  • Versions: 5.x
  • Date: 2008-June-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

read more

Categories: Drupal

SA-2008-034 - Node Hierarchy - Access bypass

Wed, 2008-06-11 19:24
  • Advisory ID: SA-2008-034
  • Project: Node Hierarchy (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-June-11
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

Categories: Drupal

SA-2008-033 - Taxonomy Image - Cross site scripting

Wed, 2008-06-11 16:11
  • Advisory ID: SA-2008-033
  • Project: Taxonomy Image (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-June-11
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal

SA-2008-032 - Magic Tabs - Arbitrary code execution

Wed, 2008-06-11 13:16
  • Advisory ID: SA-2008-032
  • Project: Magic Tabs (third-party module)
  • Versions: 5.x
  • Date: 2008-June-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

read more

Categories: Drupal

SA-2008-031 - Pblog - Incorrect vulnerability report

Wed, 2008-06-11 12:31
  • Advisory ID: SA-2008-031
  • Project: Pblog (third-party module)
  • Versions: none
  • Date: 2008-June-11
  • Security risk: Not critical
  • Exploitable from: Remote
  • Subject: Incorrect vulnerability report

read more

Categories: Drupal

SA-2008-030 - Site Documentation - Privilege escalation

Wed, 2008-05-14 19:02
  • Advisory ID: DRUPAL-SA-2008-030
  • Project: Site Documentation (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-May-14
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Privilege escalation

read more

Categories: Drupal

SA-2008-029 - E-Publish - Cross site scripting and Cross site request forgeries

Wed, 2008-04-23 20:34
  • Advisory ID: DRUPAL-SA-2008-029
  • Project: E-Publish (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-April-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting and Cross site request forgeries

read more

Categories: Drupal

SA-2008-028 - Internationalization and Localizer - Cross site scripting

Wed, 2008-04-23 18:16
  • Advisory ID: DRUPAL-SA-2008-028
  • Project: Internationalization and Localizer (third-party modules)
  • Versions: 5.x and 6.x
  • Date: 2008-April-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal

SA-2008-027 - Ubercart - Cross site scripting

Wed, 2008-04-23 18:16
  • Advisory ID: DRUPAL-SA-2008-027
  • Project: Ubercart (third-party module)
  • Version: 5.x
  • Date: 2008-April-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal

SA-2008-026 - Drupal core - Access bypass

Wed, 2008-04-09 20:25
  • Advisory ID: DRUPAL-SA-2008-026
  • Project: Drupal core
  • Version: 6.x
  • Date: 2008-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

Categories: Drupal

SA-2008-025 - Simple access - Access bypass

Wed, 2008-04-09 17:42
  • Advisory ID: DRUPAL-SA-2008-025
  • Project: Simple access (third-party module)
  • Version: 5.x-1.*
  • Date: 2008-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

Categories: Drupal

SA-2008-024 - Webform - Cross site scripting

Thu, 2008-04-03 03:57
  • Advisory ID: DRUPAL-SA-2008-024
  • Project: Webform (third-party module)
  • Version: 5.x, 6.x
  • Date: 2008-April-03
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal