Skip navigation.
Home

Drupal Security Announcements

Syndicate content
This list is for security announcements sent out be the Drupal security team.
Updated: 4 years 22 weeks ago

SA-2008-006 - Drupal core - Cross site scripting (UTF8)

Thu, 2008-01-10 21:02
  • Advisory ID: DRUPAL-SA-2008-006
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

SA-2008-005 - Drupal core - Cross site request forgery

Thu, 2008-01-10 21:00
  • Advisory ID: DRUPAL-SA-2008-005
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

read more

SA-2008-004 - Fileshare - Arbitrary code execution

Thu, 2008-01-10 19:42
  • Advisory ID: DRUPAL-SA-2008-004
  • Project: Fileshare (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

read more

SA-2008-003 - BUEditor - CSRF

Thu, 2008-01-10 19:42
  • Advisory ID: DRUPAL-SA-2008-003
  • Project: BUEditor (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Not critical
  • Exploitable from: Remote
  • Vulnerability: Cross site request forgery

read more

SA-2008-002 - Atom - Access bypass

Thu, 2008-01-10 19:36
  • Advisory ID: DRUPAL-SA-2008-002
  • Project: Atom (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

SA-2008-001 - Devel - Cross site scripting

Thu, 2008-01-10 19:32
  • Advisory ID: DRUPAL-SA-2008-001
  • Project: Devel (third-party module)
  • Version: 5.x
  • Date: 2008-January-10
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more