Drupal Security Announcements

This list is for security announcements sent out be the Drupal security team.

URL

http://drupal.org/taxonomy/term/44/0

Last update

4 hours 27 min ago

November 5, 2008

18:51

SA-2008-069 - CCK for 5.x and 6.x - XSS vulnerabilities

Advisory ID: DRUPAL-SA-2008-069
Project: Content Construction Kit (third-party module)
Versions: 5.x, 6.x
Date: 2008-November-5
Security risk: Minor
Exploitable from: Remote
Vulnerability: Cross site scripting

October 22, 2008

20:34

SA-2008-068 - Localization client and Localization server - Cross site request forgery

Advisory ID: DRUPAL-SA-2008-068
Project: Localization client and Localization server (third-party modules)
Versions: 5.x, 6.x
Date: 2008-October-22
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site request forgery

19:06

SA-2008-067 - Drupal core - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-067
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-22
Security risk: Less Critical
Exploitable from: Local/Remote
Vulnerability: Multiple vulnerabilities

October 15, 2008

19:02

SA-2008-066 - Shindig-Integrator - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-066
Project: Shindig-Integrator (third-party module)
Versions: 5.x
Date: 2008-October-15
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

18:27

SA-2008-065 - Node Clone - Access bypass

Advisory ID: DRUPAL-SA-2008-065
Project: Node Clone (third-party module)
Version: 6.x, and 5.x.
Date: 2008-October-15
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

16:46

SA-2008-064 - Node Vote - SQL injection vulnerability

Advisory ID: DRUPAL-SA-2008-064
Project: Node Vote (third-party module)
Versions: 5.x and 6.x
Date: 2008-October-15
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection

October 9, 2008

19:41

SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates

Advisory ID: DRUPAL-SA-2008-063
Project: Several Third-Party Modules incorrectly updated for the Drupal 6 menu system
Version: 6.x
Date: 2008-October-8
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

October 8, 2008

21:47

SA-2008-062 - SIOC - access bypass

Advisory ID: DRUPAL-SA-2008-062
Project: SIOC (third-party module)
Versions: 5.x and 6.x
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

21:45

SA-2008-061 - Everyblog - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-061
Project: EveryBlog (third-party module)
Versions: 5.x and 6.x
Date: 2008-October-08
Security risk: Highly critical
Exploitable from: Remote
Vulnerability:SQL injection, Cross-site scripting (XSS), Privilege escalation, access bypass

21:43

SA-2008-060 - Drupal core - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-060
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-8
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

21:28

SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates

Advisory ID: DRUPAL-SA-2008-063
Project: Several Third-Party Modules incorrectly updated for the Drupal 6 menu system
Version: 6.x
Date: 2008-October-8
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

October 1, 2008

20:24

SA-2008-059 - Brilliant Gallery - SQL Injection and Cross Site Scripting

Advisory ID: DRUPAL-SA-2008-059
Project: Brilliant Gallery (third-party module)
Versions: 5.x
Date: 2008-October-1
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection and Cross Site Scripting

September 24, 2008

22:42

SA-2008-058 - Brilliant Gallery - SQL Injection

Advisory ID: DRUPAL-SA-2008-058
Project: Brilliant Gallery (third-party module)
Versions: 5.x, 6.x
Date: 2008-September-25
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection

19:48

SA-2008-057 - Ajax Checklist - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-057
Project: Ajax Checklist (third-party module)
Versions: 5.x
Date: 2008-September-24
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection, Cross site scripting

18:58

SA-2008-056 - Simplenews - Cross site scripting

Advisory ID: DRUPAL-SA-2008-056
Project: Simplenews (third-party module)
Versions: 5.x, 6.x
Date: 2008-September-24
Security risk: Not Critical
Exploitable from: Remote
Vulnerability: Cross site scripting

18:13

SA-2008-055 - Stock - Cross site scripting

Advisory ID: DRUPAL-SA-2008-055
Project: Stock (third-party module)
Versions: 6.x
Date: 2008-September-24
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Cross site scripting

16:54

SA-2008-054 - Plugin Manager - Access bypass

Advisory ID: DRUPAL-SA-2008-054
Project: Plugin Manager (third-party module)
Versions: 6.x
Date: 2008-September-24
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass

September 18, 2008

13:31

SA-2008-053 - Answers - Cross site scripting

Advisory ID: DRUPAL-SA-2008-053
Project: Answers (third-party module)
Versions: 5.x
Date: 2008-September-18
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross site scripting

September 17, 2008

19:13

SA-2008-052 - Link To Us - Cross site scripting

Advisory ID: DRUPAL-SA-2008-052
Project: Link To Us (third-party module)
Versions: 5.x
Date: 2008-September-17
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross site scripting

17:20

SA-2008-051 - Mailsave - Cross site scripting

Advisory ID: DRUPAL-SA-2008-051
Project: Mailsave (third-party module)
Versions: 5.x and 6.x
Date: 2008-September-17
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross site scripting