These posts by the Drupal security team are also sent to the security announcements e-mail list.

SA-2008-018 - Drupal core - Cross site scripting

  • Advisory ID: DRUPAL-SA-2008-018
  • Project: Drupal core
  • Version: 6.0
  • Date: 2008-February-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site scripting vulnerabilities

SA-2008-007 - Drupal core - Cross site scripting (register_globals)

  • Advisory ID: DRUPAL-SA-2008-007
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting when register_globals is enabled.

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

  • Advisory ID: DRUPAL-SA-2008-006
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-005 - Drupal core - Cross site request forgery

  • Advisory ID: DRUPAL-SA-2008-005
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

  • Advisory ID: DRUPAL-SA-2007-031
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-December-05
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: SQL Injection

SA-2007-030 - Drupal Core - API handling of unpublished comment.

  • Advisory ID: DRUPAL-SA-2007-030
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2007-029 - Drupal core - User deletion cross site request forgery

  • Advisory ID: DRUPAL-SA-2007-029
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

SA-2007-026 - Drupal Core - Cross site scripting via uploads

  • Advisory ID: DRUPAL-SA-2007-026
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2007-025 - Drupal core - Arbitrary code execution via installer.

  • Advisory ID: DRUPAL-SA-2007-025
  • Project: Drupal core
  • Version: 5.x
  • Date: 2007-October-17
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

SA-2007-024 - Drupal Core - HTTP response splitting

  • Advisory ID: DRUPAL-SA-2007-024
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-October-17
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: HTTP response splitting

Pages

Subscribe with RSS Subscribe to Security advisories