Security advisories for third-party projects that are not part of Drupal core. This includes all modules, themes, and installation profiles contributed by community members. These posts by the Drupal security team are also sent to the security announcements e-mail list.
SA-CONTRIB-2013-007 - User Relationships - Cross Site Scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2013-007
- Project: User Relationships (third-party module)
- Version: 6.x, 7.x
- Date: 2013-January-23
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2013-006 - Video - Arbitrary Code Execution
- Advisory ID: DRUPAL-SA-CONTRIB-2013-006
- Project: Video (third-party module)
- Version: 7.x
- Date: 2013-January-23
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Arbitrary PHP code execution
SA-CONTRIB-2013-005 - Mark Complete Module - Cross Site Request Forgery (CSRF)
- Advisory ID: DRUPAL-SA-CONTRIB-2013-005
- Project: Mark Complete (third-party module)
- Version: 7.x
- Date: 2013-January-16
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Request Forgery
SA-CONTRIB-2013-004 - Live CSS - Arbitrary Code Execution
- Advisory ID: DRUPAL-SA-CONTRIB-2013-004
- Project: Live CSS (third-party module)
- Version: 6.x, 7.x
- Date: 2012-January-16
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary PHP code execution
SA-CONTRIB-2013-003 - RESTful Web Services - Cross site request forgery (CSRF)
- Advisory ID: DRUPAL-SA-CONTRIB-2013-003
- Project: RESTful Web Services (third-party module)
- Version: 7.x
- Date: 2013-January-16
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Request Forgery
SA-CONTRIB-2013-002 - Payment - Access Bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2013-002
- Project: Payment (third-party module)
- Version: 7.x
- Date: 2013-January-09
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-CONTRIB-2013-001 - Search API - Cross Site Scripting
- Advisory ID: DRUPAL-SA-CONTRIB-2013-001
- Project: Search API (third-party module)
- Version: 7.x
- Date: 2013-January-09
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-174 - Context - Information Disclosure
- Advisory ID: DRUPAL-SA-CONTRIB-2012-174
- Project: Context (third-party module)
- Version: 6.x, 7.x
- Date: 2012-12-19
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Information Disclosure
SA-CONTRIB-2012-173 - Nodewords: Information disclosure
- Advisory ID: DRUPAL-SA-CONTRIB-2012-173
- Project: Nodewords: D6 Meta Tags (third-party module)
- Version: 6.x
- Date: 2012-December-05
- Security risk: Not critical
- Exploitable from: Remote
- Vulnerability: Information Disclosure
SA-CONTRIB-2012-172 - Zero Point - Cross Site Scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-172
- Project: Zero Point (third-party module)
- Version: 6.x, 7.x
- Date: 2012-November-28
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting