Security advisories for third-party projects that are not part of Drupal core. This includes all modules, themes, and install profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.
SA-CONTRIB-2012-018 - Revisioning - Cross Site Scripting
Posted by Drupal Security Team on February 9, 2012 at 12:37am
- Advisory ID: DRUPAL-SA-CONTRIB-2012-018
- Project: Revisioning (third-party module)
- Version: 6.x
- Date: 2012-FEB-08
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-017 - Finder - Multiple vulnerabilities
Posted by Drupal Security Team on February 8, 2012 at 4:03pm
- Advisory ID: DRUPAL-SA-CONTRIB-2012-017
- Project: Finder (third-party module)
- Version: 6.x, 7.x
- Date: 2012-February-08
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting, Arbitrary PHP code execution, Multiple vulnerabilities
SA-CONTRIB-2012-016 - Forward module CSRF and Access bypass
Posted by Drupal Security Team on February 1, 2012 at 10:55pm
- Advisory ID: DRUPAL-SA-CONTRIB-2012-016
- Project: Forward (third-party module)
- Version: 6.x, 7.x
- Date: 2012-February-01
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass, Cross Site Request Forgery
SA-CONTRIB-2012-015 - Managesite - Cross Site Scripting (XSS)
Posted by Drupal Security Team on January 25, 2012 at 9:48pm
- Advisory ID: DRUPAL-SA-CONTRIB-2012-015
- Project: Managesite (third-party module)
- Version: 6.x
- Date: 2012-January-25
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-014 - Drupal Commerce - Cross Site Scripting (XSS)
Posted by Drupal Security Team on January 25, 2012 at 7:14pm
- Advisory ID: DRUPAL-SA-CONTRIB-2012-014
- Project: Drupal Commerce (third-party module)
- Version: 7.x
- Date: 2012-January-25
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
SA-CONTRIB-2012-013 - Search Autocomplete - SQL Injection
Posted by Drupal Security Team on January 25, 2012 at 4:39pm
- Advisory ID: DRUPAL-SA-CONTRIB-2012-013
- Project: Search Autocomplete (third-party module)
- Version: 7.x
- Date: 2012-January-25
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL Injection