Home » Newsletters

Security advisories for contributed projects

Security advisories for third-party projects that are not part of Drupal core - this includes all module, themes, and install profiles that have been contributed by a community member. These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-CONTRIB-2010-015 - Signwriter - Arbitrary code execution

· ·
Drupal Security Team - February 3, 2010 - 20:03
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-015
  • Project: Signwriter (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-February-3
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution
» Read more

SA-CONTRIB-2010-014 - Node Export - Arbitrary code execution

· ·
Drupal Security Team - February 3, 2010 - 19:01
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-014
  • Project: Node Export (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-February-3
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution
» Read more

SA-CONTRIB-2010-013 - Menu Breadcrumb - Cross site scripting

·
Drupal Security Team - February 3, 2010 - 16:19
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-013
  • Project: Menu Breadcrumb (third-party module)
  • Version: 6.x
  • Date: 2010-February-03
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
» Read more

SA-CONTRIB-2010-012 - ODF Import - Access Bypass (possible Cross Site Scripting)

·
greggles - February 3, 2010 - 15:44
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-012
  • Project: ODF Import (third-party module)
  • Version: 6.x-1.0
  • Date: 2010-February-3
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
» Read more

SA-CONTRIB-2010-011 - Feedback - Cross Site Scripting

· ·
Drupal Security Team - January 27, 2010 - 22:50
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-011
  • Project: Feedback (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-January-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
» Read more

SA-CONTRIB-2010-010 - Author Contact - Cross site scripting

· ·
coltrane - January 27, 2010 - 20:28
  • Advisory ID: DRUPAL-SA-CONTRIB-2010-010
  • Project: Author Contact (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-January-27
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross Site Scripting
» Read more
Syndicate content
 
 

Drupal is a registered trademark of Dries Buytaert.