Security advisories for third-party projects that are not part of Drupal core. This includes all modules, themes, and installation profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.
SA-CONTRIB-2012-171 - Webmail Plus - SQL injection - (unsupported)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-171
- Project: Webmail Plus (third-party module)
- Version: 6.x
- Date: 2012-November-28
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL Injection
SA-CONTRIB-2012-170 - MultiLink - Access Bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2012-170
- Project: Multi-Language Link and Redirect (MultiLink) (third-party module)
- Version: 6.x, 7.x
- Date: 2012-November-28
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-CONTRIB-2012-169 - Email Field - Cross Site Scripting and Access bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2012-169
- Project: Email Field (third-party module)
- Version: 6.x
- Date: 2012-11-28
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting, Access bypass
SA-CONTRIB-2012-168 - Services - Information Disclosure
- Advisory ID: DRUPAL-SA-CONTRIB-2012-168
- Project: Services (third-party module)
- Version: 6.x, 7.x
- Date: 2012-11-28
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Information Disclosure
SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-167
- Project: Mixpanel (third-party module)
- Version: 6.x
- Date: 2012-November-28
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-166 - Table of Contents - Access Bypass
- Advisory ID: DRUPAL-SA-CONTRIB-2012-166
- Project: Table of Contents (third-party module)
- Version: 6.x
- Date: 2012-November-14
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site Scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-165
- Project: Chaos tool suite (ctools) (third-party module)
- Version: 6.x
- Date: 2012-November-14
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-164
- Project: Smiley (third-party module)
- Project: Smileys (third-party module)
- Version: 6.x
- Date: 2012-November-14
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-163 - User Read-Only - Permission escalation
- Advisory ID: DRUPAL-SA-CONTRIB-2012-163
- Project: User Read-Only (third-party module)
- Version: 6.x, 7.x
- Date: 2012-November-14
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request forgery (CSRF)
- Advisory ID: DRUPAL-SA-CONTRIB-2012-162
- Project: RESTful Web Services (third-party module)
- Version: 7.x
- Date: 2012-November-14
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Request Forgery