Security advisories | Drupal.org

Show advisories for only Drupal Core, only contributed projects, or only PSAs

SA-2007-032 - Shoutbox - Cross site scripting

By Heine on 5 Dec 2007 at 20:38 UTC

Advisory ID: DRUPAL-SA-2007-032
Project: Shoutbox (third-party module)
Version: 5.x
Date: 2007-December-05
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross site scripting

SA-2007-031 - Drupal core - SQL Injection possible when certain contributed modules are enabled

By Heine on 5 Dec 2007 at 20:38 UTC

Advisory ID: DRUPAL-SA-2007-031
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2007-December-05
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: SQL Injection

SA-2007-030 - Drupal Core - API handling of unpublished comment.

By Heine on 17 Oct 2007 at 19:50 UTC

Advisory ID: DRUPAL-SA-2007-030
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2007-October-17
Security risk: Not critical
Exploitable from: Remote
Vulnerability: Access bypass

SA-2007-029 - Drupal core - User deletion cross site request forgery

By Heine on 17 Oct 2007 at 19:40 UTC

Advisory ID: DRUPAL-SA-2007-029
Project: Drupal core
Version: 5.x
Date: 2007-October-17
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site request forgery

SA-2007-027 - Token - Cross site scripting

By Heine on 17 Oct 2007 at 19:07 UTC

Advisory ID: DRUPAL-SA-2007-027
Project: Several Modules That Use Token module
Version: 5.x
Date: 2007-October-17
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site scripting

SA-2007-028 - Weblinks - Cross site scripting

By Heine on 17 Oct 2007 at 18:43 UTC

Advisory ID: DRUPAL-SA-2007-028
Project: Weblinks (third-party module)
Version: 4.7.x, 5.x
Date: 2007-October-17
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Cross site scripting

SA-2007-026 - Drupal Core - Cross site scripting via uploads

By Heine on 17 Oct 2007 at 18:38 UTC

Advisory ID: DRUPAL-SA-2007-026
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2007-October-17
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site scripting

SA-2007-025 - Drupal core - Arbitrary code execution via installer.

By Heine on 17 Oct 2007 at 18:33 UTC

Advisory ID: DRUPAL-SA-2007-025
Project: Drupal core
Version: 5.x
Date: 2007-October-17
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: Arbitrary code execution

SA-2007-024 - Drupal Core - HTTP response splitting

By Heine on 17 Oct 2007 at 18:31 UTC

Advisory ID: DRUPAL-SA-2007-024
Project: Drupal core
Version: 4.7.x, 5.x
Date: 2007-October-17
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: HTTP response splitting

PHP exploit using Drupal circulating - PSA-2007-001

Date:

2007-October-17

Project: PHP
Version: PHP 4 < 4.4.3, PHP 5 < 5.1.4
Security risk: Critical
Exploitable from: Remote
Vulnerability: unset() hash / index collision exploit using Drupal (CVE-2006-3017)

Description

Pages

Subscribe with RSS