Drupal Security Announcements

This list is for security announcements sent out be the Drupal security team.

URL

RSS feed
http://drupal.org/taxonomy/term/44/0

Last update

5 years 22 weeks ago

August 22, 2006

19:52
Easylinks multiple vulnerabilities
  • Advisory ID: DRUPAL-SA-2006-017
  • Project: Easylinks 4.7
  • Date: 2006-Aug-22
  • Security risk: highly critical
  • Exploitable from: remote
  • Vulnerability: SQL injection, Cross site scripting
read more
19:49
E-commerce Cross site scripting vulnerability
  • Advisory ID: DRUPAL-SA-2006-016
  • Project: E-commerce 4.7
  • Date: 2006-Aug-22
  • Security risk: less critical
  • Exploitable from: remote
  • Vulnerability: Multiple Cross site scripting
read more

August 9, 2006

01:45
DRUPAL-SA-2006-015: Multiple vulnerabilities in Bibliography
  • Advisory ID: DRUPAL-SA-2006-015
  • Project: Bibliography
  • Date: 2006-Aug-08
  • Security risk: highly critical
  • Exploitable from: remote
  • Vulnerability: SQL injection, Cross site scripting
read more
01:32
Revision to DRUPAL-SA-2006-013 - Recipe
  • Advisory ID: DRUPAL-SA-2006-014
  • Project: Recipe 4.6
  • Date: 2006-Aug-08
  • Security risk: less critical
  • Exploitable from: remote
  • Vulnerability: Cross site scripting
read more

August 7, 2006

21:12
DRUPAL-SA-2006-013: Recipe module
  • Advisory ID: DRUPAL-SA-2006-013
  • Project: Recipe
  • Date: 2006-Aug-07
  • Security risk: less critical
  • Exploitable from: remote
  • Vulnerability: Cross site scripting
read more
21:10
DRUPAL-SA-2006-012: Jobsearch module
  • Advisory ID: DRUPAL-SA-2006-012
  • Project: Job Search
  • Date: 2006-Aug-07
  • Security risk: highly critical
  • Exploitable from: remote
  • Vulnerability: SQL injection
read more

August 2, 2006

17:03
XSS Vulnerability in user module
  • Advisory ID: DRUPAL-SA-2006-011
  • Project: Drupal core
  • Date: 2006-Aug-2
  • Security risk: less critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: cross-site scripting
read more

July 9, 2006

02:49
XSS vulnerability in webform module
  • Advisory ID: DRUPAL-SA-2006-010
  • Project: webform
  • Date: 2006-Jul-09
  • Security risk: critical
  • Impact: webform
  • Exploitable from: remote
  • Vulnerability: multiple cross-site scripting
read more

July 4, 2006

17:40
Form_mail module allows arbitrary header injection
  • Advisory ID: DRUPAL-SA-2006-009
  • Project: form_mail
  • Date: 2006-Jul-4
  • Security risk: moderately critical
  • Impact: security bypass
  • Exploitable from: remote
  • Vulnerability: mail header injection attack
read more

June 1, 2006

19:20
XSS Vulnerability in taxonomy module
  • Advisory ID: DRUPAL-SA-2006-008
  • Project: Drupal core
  • Date: 2006-Jun-01
  • Security risk: less critical
  • Impact: Drupal core
  • Exploitable from: remote
  • Vulnerability: cross-site scripting
read more