These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-2006-007 - Drupal Core - Revision to DRUPAL-SA-2006-006

  • Advisory ID: DRUPAL-SA-2006-007
  • Project: Drupal core and potentially any web application that accepts uploads.
  • Date: 2006-Jun-01
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: Execution of arbitrary files

SA-2006-006 - Drupal Core - Execution of arbitrary files in certain Apache configurations

  • Advisory ID: DRUPAL-SA-2006-006
  • Project: Drupal core
  • Date: 2006-May-24
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: Execution of arbitrary files

DRUPAL-SA-2006-005 - Drupal core - SQL injection vulnerability

  • Advisory ID: DRUPAL-SA-2006-005
  • Project: Drupal core
  • Date: 2006-May-18
  • Security risk: highly critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: SQL injection

DRUPAL-SA-2006-004 Mail header injection vulnerability

  • Advisory ID: DRUPAL-SA-2006-004
  • Project: Drupal core
  • Date: 2006-03-13
  • Security risk: moderately critical
  • Impact: security bypass
  • Where: from remote
  • Vulnerability: mail header injection attack

DRUPAL-SA-2006-003 Session fixation vulnerability

  • Advisory ID: DRUPAL-SA-2006-003
  • Project: Drupal core
  • Date: 2006-03-13
  • Security risk: less critical
  • Impact: hijacking
  • Where: from remote
  • Vulnerability: session fixation attack

DRUPAL-SA-2006-002 XSS vulnerabilities

  • Advisory ID: DRUPAL-SA-2006-002
  • Project: Drupal core
  • Date: 2006-03-13
  • Security risk: less critical
  • Impact: cross-site scripting
  • Where: from remote
  • Vulnerability: cross-site scripting

DRUPAL-SA-2006-001 Security bypass in menu.module

  • Advisory ID: DRUPAL-SA-2006-001
  • Project: Drupal core
  • Date: 2006-03-13
  • Security risk: less critical
  • Impact: security bypass
  • Where: from remote
  • Vulnerability: bypass access control

DRUPAL-SA-2005-008 XSS and HTTP header injection vulnerability with uploaded files

  • Advisory ID: DRUPAL-SA-2005-008
  • Project: Drupal core
  • Date: 2005-11-30
  • Security risk: less critical
  • Impact: normal
  • Where: from remote
  • Vulnerability: XSS, HTTP header injection

DRUPAL-SA-2005-007 XSS vulnerability in submitted content

  • Advisory ID: DRUPAL-SA-2005-007
  • Project: Drupal core
  • Date: 2005-11-30
  • Security risk: less critical
  • Impact: normal
  • Where: from remote
  • Vulnerability: XSS

DRUPAL-SA-2005-009 Bypass "view user profiles" permission

  • Advisory ID: DRUPAL-SA-2005-009
  • Project: Drupal core
  • Date: 2005-11-30
  • Security risk: not critical
  • Impact: normal
  • Where: from remote
  • Vulnerability: bypass access control
