Security advisories

SA-CORE-2009-007 - Drupal core - Multiple vulnerabilities

Drupal Security Team — Wed, 01 Jul 2009 20:56:35 +0000

Advisory ID: DRUPAL-SA-CORE-2009-007
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-July-1
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-CORE-2009-006 - Drupal core - Cross site scripting

Drupal Security Team — Wed, 13 May 2009 19:47:10 +0000

Advisory ID: DRUPAL-SA-CORE-2009-006
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-May-13
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site scripting

SA-CORE-2009-005 - Drupal core - Cross site scripting

Drupal Security Team — Thu, 30 Apr 2009 01:48:10 +0000

Advisory ID: DRUPAL-SA-CORE-2009-005
Project: Drupal core
Version: 5.x, 6.x
Date: 2009-April-29
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site scripting

New pages and RSS feeds for security announcements

pwolanin — Wed, 18 Mar 2009 15:51:17 +0000

Separate Security Announcements by Type

To make the impact of different security advisories and announcements easier to see, they are now separated by type.

Drupal core security advisories: http://drupal.org/security
RSS feed for Drupal core: http://drupal.org/security/rss.xml

Contributed project security advisories: http://drupal.org/security/contrib
RSS feed for contributed projects: http://drupal.org/security/contrib/rss.xml

Public service announcements: http://drupal.org/security/psa
RSS feed for announcements: http://drupal.org/security/psa/rss.xml

We encourage those using RSS readers to track security-related developments to subscribe to all three of these feeds.

All posts to each of these three forums will still be sent to the one security announcements e-mail list. To subscribe to that e-mail list, once logged in, go to your user profile page and subscribe to the security newsletter on the Edit » My newsletters tab.

All future public service announcements will only be posted to the Public service announcements page and feed.

SA-CORE-2009-004 - Local file inclusion on Windows

Drupal Security Team — Wed, 25 Feb 2009 22:58:23 +0000

Advisory ID: DRUPAL-SA-CORE-2009-004
Project: Drupal core
Versions: 5.x
Date: 2009-February-25
Security risk: Highly Critical
Exploitable from: Remote
Vulnerability: Local file inclusion on Windows
Reference: SA-CORE-2009-003 (6.x)

SA-CORE-2009-003 - Local file inclusion on Windows

Drupal Security Team — Wed, 25 Feb 2009 18:16:20 +0000

Advisory ID: DRUPAL-SA-CORE-2009-003
Project: Drupal core
Versions: 6.x
Date: 2009-February-25
Security risk: Highly Critical
Exploitable from: Remote
Vulnerability: Local file inclusion on Windows

SA-CORE-2009-001 Drupal core - Multiple vulnerabilities

Gábor Hojtsy — Thu, 15 Jan 2009 00:00:22 +0000

Advisory ID: DRUPAL-SA-CORE-2009-001
Project: Drupal core
Versions: 5.x and 6.x
Date: 2009-January-14
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-2008-073 - Drupal core - Multiple vulnerabilities

Gábor Hojtsy — Wed, 10 Dec 2008 21:42:40 +0000

Advisory ID: DRUPAL-SA-2008-073
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-December-10
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

SA-2008-067 - Drupal core - Multiple vulnerabilities

Gábor Hojtsy — Wed, 22 Oct 2008 19:06:25 +0000

Advisory ID: DRUPAL-SA-2008-067
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-22
Security risk: Less Critical
Exploitable from: Local/Remote
Vulnerability: Multiple vulnerabilities

SA-2008-060 - Drupal core - Multiple vulnerabilities

Gábor Hojtsy — Wed, 08 Oct 2008 21:43:56 +0000

Advisory ID: DRUPAL-SA-2008-060
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-8
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities