Security advisories

These posts by the Drupal security team are also sent to the security announcements e-mail list.

Drupal core - Denial of service

Posted by Heine on December 19, 2006 at 3:53pm
  • Advisory ID: DRUPAL-SA-2007-002.
  • Project: Drupal Core.
  • Version: 4.6, 4.7
  • Date: 2007-Jan-05.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Denial of service.
Read more

Drupal core - Cross site scripting

Posted by Heine on December 19, 2006 at 3:43pm
  • Advisory ID: DRUPAL-SA-2007-001.
  • Project: Drupal Core.
  • Version: 4.6, 4.7.
  • Date: 2007-Jan-05.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Cross site scripting.
Read more

DRUPAL-SA-2006-026 - Drupal core - Form action attribute injection

Posted by Heine on October 12, 2006 at 11:55am
  • Advisory ID: DRUPAL-SA-2006-026
  • Project: Drupal core
  • Date: 2006-Oct-18
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: HTML attribute injection
Read more
Categories: ,

DRUPAL-SA-2006-025 - Drupal core - Cross site request forgeries

Posted by Heine on October 12, 2006 at 11:50am
  • Advisory ID: DRUPAL-SA-2006-025
  • Project: Drupal core
  • Date: 2006-Oct-18
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgeries
Read more
Categories: ,

DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities

Posted by Heine on October 12, 2006 at 11:47am
  • Advisory ID: DRUPAL-SA-2006-024
  • Project: Drupal core
  • Date: 2006-Oct-18
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting
Read more
Categories: ,

DRUPAL-SA-2006-011 XSS Vulnerability in user module

Posted by Gerhard Killesreiter on August 2, 2006 at 5:03pm
  • Advisory ID: DRUPAL-SA-2006-011
  • Project: Drupal core
  • Date: 2006-Aug-2
  • Security risk: less critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: cross-site scripting
Read more
Categories: ,

DRUPAL-SA-2006-008 XSS Vulnerability in taxonomy module

Posted by webchick on June 1, 2006 at 7:20pm
  • Advisory ID: DRUPAL-SA-2006-008
  • Project: Drupal core
  • Date: 2006-Jun-01
  • Security risk: less critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: cross-site scripting
Read more
Categories: ,

SA-2006-007 - Drupal Core - Revision to DRUPAL-SA-2006-006

Posted by webchick on June 1, 2006 at 6:49pm
  • Advisory ID: DRUPAL-SA-2006-007
  • Project: Drupal core and potentially any web application that accepts uploads.
  • Date: 2006-Jun-01
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: Execution of arbitrary files
Read more
Categories: ,

SA-2006-006 - Drupal Core - Execution of arbitrary files in certain Apache configurations

Posted by webchick on May 25, 2006 at 1:19am
  • Advisory ID: DRUPAL-SA-2006-006
  • Project: Drupal core
  • Date: 2006-May-24
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: Execution of arbitrary files
Read more
Categories: ,

DRUPAL-SA-2006-005 - Drupal core - SQL injection vulnerability

Posted by chx on May 24, 2006 at 7:42pm
  • Advisory ID: DRUPAL-SA-2006-005
  • Project: Drupal core
  • Date: 2006-May-18
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: SQL injection
Read more
Categories: ,
Subscribe with RSS Syndicate content

Security books

There are many useful books about Drupal. Here are two that discuss security:

Advertising helps build a successful ecosystem around Drupal.