Security advisories

These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-2008-067 - Drupal core - Multiple vulnerabilities

Gábor Hojtsy - October 22, 2008 - 19:06

Advisory ID: DRUPAL-SA-2008-067
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-22
Security risk: Less Critical
Exploitable from: Local/Remote
Vulnerability: Multiple vulnerabilities

» Read more

SA-2008-060 - Drupal core - Multiple vulnerabilities

Security advisories for Drupal core · Drupal 5.x · Drupal 6.x

Gábor Hojtsy - October 8, 2008 - 21:43

Advisory ID: DRUPAL-SA-2008-060
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-8
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

» Read more

SA-2008-047 - Drupal core - Multiple vulnerabilities

Security advisories for Drupal core · Drupal 5.x · Drupal 6.x

Heine - August 13, 2008 - 23:27

Advisory ID: DRUPAL-SA-2008-047
Project: Drupal core
Version: 5.x, 6.x
Date: 2008-August-13
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

» Read more

SA-2008-046 - Drupal core - Session fixation

Security advisories for Drupal core · Drupal 5.x

Heine - July 23, 2008 - 19:58

Advisory ID: DRUPAL-SA-2008-046
Project: Drupal core
Version: 5.x
Date: 2008-July-23
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Session fixation

» Read more

SA-2008-044 - Drupal core - Multiple vulnerabilities

Security advisories for Drupal core · Drupal 5.x · Drupal 6.x

Heine - July 9, 2008 - 21:24

Advisory ID: DRUPAL-SA-2008-044
Project: Drupal core
Version: 5x, 6.x
Date: 2008-July-9
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

» Read more

SA-2008-026 - Drupal core - Access bypass

Security advisories for Drupal core · Drupal 6.x

Heine - April 9, 2008 - 20:25

Advisory ID: DRUPAL-SA-2008-026
Project: Drupal core
Version: 6.x
Date: 2008-April-09
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

» Read more

SA-2008-018 - Drupal core - Cross site scripting

Security advisories for Drupal core · Drupal 6.x

Gábor Hojtsy - February 27, 2008 - 19:23

Advisory ID: DRUPAL-SA-2008-018
Project: Drupal core
Version: 6.0
Date: 2008-February-27
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple cross site scripting vulnerabilities

» Read more

SA-2008-007 - Drupal core - Cross site scripting (register_globals)

Security advisories for Drupal core · Drupal 4.7.x · Drupal 5.x

Heine - January 10, 2008 - 21:03

Advisory ID: DRUPAL-SA-2008-007
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2008-January-10
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross site scripting when register_globals is enabled.

» Read more

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

Security advisories for Drupal core · Drupal 4.7.x · Drupal 5.x

Heine - January 10, 2008 - 21:02

Advisory ID: DRUPAL-SA-2008-006
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2008-January-10
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site scripting

» Read more

SA-2008-005 - Drupal core - Cross site request forgery

Security advisories for Drupal core · Drupal 4.7.x · Drupal 5.x

Heine - January 10, 2008 - 21:00

Advisory ID: DRUPAL-SA-2008-005
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2008-January-10
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross site request forgery

» Read more

Security advisories

SA-2008-067 - Drupal core - Multiple vulnerabilities

SA-2008-060 - Drupal core - Multiple vulnerabilities

SA-2008-047 - Drupal core - Multiple vulnerabilities

SA-2008-046 - Drupal core - Session fixation

SA-2008-044 - Drupal core - Multiple vulnerabilities

SA-2008-026 - Drupal core - Access bypass

SA-2008-018 - Drupal core - Cross site scripting

SA-2008-007 - Drupal core - Cross site scripting (register_globals)

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

SA-2008-005 - Drupal core - Cross site request forgery

User login

Contributor links