Drupal Security Announcements

This list is for security announcements sent out by the Drupal security team.
Updated: 4 years 21 weeks ago

SA-2008-026 - Drupal core - Access bypass

Wed, 2008-04-09 20:25
  • Advisory ID: DRUPAL-SA-2008-026
  • Project: Drupal core
  • Version: 6.x
  • Date: 2008-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2008-025 - Simple access - Access bypass

Wed, 2008-04-09 17:42
  • Advisory ID: DRUPAL-SA-2008-025
  • Project: Simple access (third-party module)
  • Version: 5.x-1.*
  • Date: 2008-April-09
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2008-024 - Webform - Cross site scripting

Thu, 2008-04-03 03:57
  • Advisory ID: DRUPAL-SA-2008-024
  • Project: Webform (third-party module)
  • Version: 5.x, 6.x
  • Date: 2008-April-03
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-023 - Ubercart - Cross site scripting

Wed, 2008-04-02 20:13
  • Advisory ID: DRUPAL-SA-2008-023
  • Project: Ubercart (third-party module)
  • Version: 5.x
  • Date: 2008-April-02
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-022 - Flickr - Cross site scripting

Wed, 2008-04-02 20:06
  • Advisory ID: DRUPAL-SA-2008-022
  • Project: Flickr (third-party module)
  • Version: 5.x, 6.x
  • Date: 2008-April-02
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-021 - Live - Cross site request forgery

Thu, 2008-03-20 05:39
  • Advisory ID: DRUPAL-SA-2008-021
  • Project: Live (third-party module)
  • Version: 5.x
  • Date: 2008-March-23
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

SA-2008-020 - Ubercart - Cross site scripting

Wed, 2008-03-12 21:06
  • Advisory ID: DRUPAL-SA-2008-020
  • Project: Ubercart (third-party module)
  • Version: 5.x
  • Date: 2008-March-12
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-019 - Refine by Taxonomy - Cross site scripting

Wed, 2008-03-05 21:00
  • Advisory ID: DRUPAL-SA-2008-019
  • Project: Refine by Taxonomy (third-party module)
  • Version: 5.x
  • Date: 2008-March-05
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-018 - Drupal core - Cross site scripting

Wed, 2008-02-27 19:23
  • Advisory ID: DRUPAL-SA-2008-018
  • Project: Drupal core
  • Version: 6.0
  • Date: 2008-February-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site scripting vulnerabilities

SA-2008-017 - Header image - Access bypass

Wed, 2008-02-13 19:22
  • Advisory ID: DRUPAL-SA-2008-017
  • Project: Header image (third-party module)
  • Version: 5.x-1.0
  • Date: 2008-February-13
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2008-016 - OpenID - Incorrect claimed_id returned for OpenID 2.0

Wed, 2008-01-30 22:40
  • Advisory ID: DRUPAL-SA-2008-016
  • Project: OpenID (third-party module)
  • Version: 5.x-1.0
  • Date: 2007-January-30
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Identity impersonation

SA-2008-015 - Comment Upload - Arbitrary file upload

Wed, 2008-01-30 20:41
  • Advisory ID: DRUPAL-SA-2008-015
  • Project: Comment upload (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-January-30
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary file upload

SA-2008-014 - Userpoints - Cross site request forgery

Wed, 2008-01-30 20:41
  • Advisory ID: DRUPAL-SA-2008-014
  • Project: Userpoints (third-party module)
  • Version: 4.7.x, 5.x-2.x, 5.x-3.x
  • Date: 2008-January-30
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

SA-2008-013 - Project issue tracking - Arbitrary file upload

Wed, 2008-01-30 20:41
  • Advisory ID: DRUPAL-SA-2008-013
  • Project: Project issue tracking (third-party module)
  • Version: 4.7.x-1.x, 4.7.x-2.x, 5.x-1.x, 5.x-2.x
  • Date: 2007-January-30
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary file upload

SA-2008-012 - Project issue tracking - XSS vulnerability in comment summary tables

Wed, 2008-01-30 20:41
  • Advisory ID: DRUPAL-SA-2008-012
  • Project: Project issue tracking (third-party module)
  • Version: 4.7.x-1.x, 4.7.x-2.x, 5.x-1.x, 5.x-2.x
  • Date: 2007-January-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross-site scripting (XSS)

SA-2008-011 - Securesite - Access bypass

Wed, 2008-01-30 20:39
  • Advisory ID: DRUPAL-SA-2008-011
  • Project: Secure Site (third-party module)
  • Version: 5.x-1.0, 4.7.x-1.0
  • Date: 2008-January-30
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

SA-2008-10 - Archive - Cross site scripting

Wed, 2008-01-23 21:37
  • Advisory ID: DRUPAL-SA-2008-010
  • Project: Archive (third-party module)
  • Version: 5.x
  • Date: 2008-January-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-009 - Workflow - Cross site scripting

Wed, 2008-01-23 21:26
  • Advisory ID: DRUPAL-SA-2008-009
  • Project: Workflow (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2008-January-23
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

SA-2008-008 - Meta tags - Arbitrary code execution

Mon, 2008-01-14 08:48
  • Advisory ID: DRUPAL-SA-2008-008
  • Project: Meta tags / Nodewords (third-party module)
  • Version: 5.x-1.6
  • Date: 2007-January-14
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

SA-2008-007 - Drupal core - Cross site scripting (register_globals)

Thu, 2008-01-10 21:03
  • Advisory ID: DRUPAL-SA-2008-007
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting when register_globals is enabled.
