Drupal Themes
User login
drupal security feed
This list is for security announcements sent out be the Drupal security team.
Updated: 2 min 4 sec ago
SA-2008-043 - Outline designer - Privilege escalation
- Advisory ID: DRUPAL-SA-2008-043
- Project: Outline designer (third-party module)
- Version: 5.x
- Date: 2008-July-2
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Privilege escalation
Categories: Drupal
SA-2008-042 - Tinytax - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-042
- Project: Tinytax taxonomy block (third-party module)
- Version: 5.x
- Date: 2008-July-2
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: Drupal
SA-2008-041 - Taxonomy autotagger - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-041
- Project: Taxonomy autotagger (third-party module)
- Version: 5.x
- Date: 2008-July-2
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting and SQL injection
Categories: Drupal
SA-2008-040 - Organic Groups - Cross site scripting and information disclosure
- Advisory ID: DRUPAL-SA-2008-040
- Project: Organic Groups (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-July-02
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting and information disclosure
Categories: Drupal
SA-2008-039 - Suggested terms - Cross site scripting
- Advisory ID: SA-2008-039
- Project: Suggested terms (third-party module)
- Versions: 5.x
- Date: 2008-June-25
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: Drupal
SA-2008-038 - Services - Arbitrary code execution
- Advisory ID: DRUPAL-SA-2008-038
- Project: Services (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-June-18
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Categories: Drupal
SA-2008-037 - TrailScout - XSS and SQL injection
- Advisory ID: DRUPAL-SA-2008-037
- Project: TrailScout (third-party module)
- Version: 5.x
- Date: 2008-June-18
- Security risk: Higly critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting and SQL injection
Categories: Drupal
SA-2008-036 - Profile search - SQL Injection
- Advisory ID: SA-2008-036
- Project: Profile Search (third-party module)
- Versions: 5.x
- Date: 2008-July-18
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
Categories: Drupal
SA-2008-035 - Aggregation - Multiple vulnerabilities
- Advisory ID: SA-2008-035
- Project: Aggregation (third-party module)
- Versions: 5.x
- Date: 2008-June-11
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
Categories: Drupal
SA-2008-034 - Node Hierarchy - Access bypass
- Advisory ID: SA-2008-034
- Project: Node Hierarchy (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-June-11
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Access bypass
Categories: Drupal
SA-2008-033 - Taxonomy Image - Cross site scripting
- Advisory ID: SA-2008-033
- Project: Taxonomy Image (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-June-11
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: Drupal
SA-2008-032 - Magic Tabs - Arbitrary code execution
- Advisory ID: SA-2008-032
- Project: Magic Tabs (third-party module)
- Versions: 5.x
- Date: 2008-June-11
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Categories: Drupal
SA-2008-031 - Pblog - Incorrect vulnerability report
- Advisory ID: SA-2008-031
- Project: Pblog (third-party module)
- Versions: none
- Date: 2008-June-11
- Security risk: Not critical
- Exploitable from: Remote
- Subject: Incorrect vulnerability report
Categories: Drupal
SA-2008-030 - Site Documentation - Privilege escalation
- Advisory ID: DRUPAL-SA-2008-030
- Project: Site Documentation (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-May-14
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Privilege escalation
Categories: Drupal
SA-2008-029 - E-Publish - Cross site scripting and Cross site request forgeries
- Advisory ID: DRUPAL-SA-2008-029
- Project: E-Publish (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-April-23
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting and Cross site request forgeries
Categories: Drupal
SA-2008-028 - Internationalization and Localizer - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-028
- Project: Internationalization and Localizer (third-party modules)
- Versions: 5.x and 6.x
- Date: 2008-April-23
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: Drupal
SA-2008-027 - Ubercart - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-027
- Project: Ubercart (third-party module)
- Version: 5.x
- Date: 2008-April-23
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: Drupal
SA-2008-026 - Drupal core - Access bypass
- Advisory ID: DRUPAL-SA-2008-026
- Project: Drupal core
- Version: 6.x
- Date: 2008-April-09
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
Categories: Drupal
SA-2008-025 - Simple access - Access bypass
- Advisory ID: DRUPAL-SA-2008-025
- Project: Simple access (third-party module)
- Version: 5.x-1.*
- Date: 2008-April-09
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
Categories: Drupal
SA-2008-024 - Webform - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-024
- Project: Webform (third-party module)
- Version: 5.x, 6.x
- Date: 2008-April-03
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: Drupal
Popular content
Drupal Showcase
drupal security feed
Syndicate