Drupal Security Announcements | Quilombo Project

Drupal Security Announcements

This list is for security announcements sent out be the Drupal security team.

URL

http://drupal.org/taxonomy/term/44/0

Last update

6 hours 33 min ago

November 26, 2008

14:47

SA-2008-071 - User Karma - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-071
Project: User Karma
Versions: 5.x and 6.x
Date: 2008-November-26
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: SQL injection, Cross-site scripting (XSS)

12:40

SA-2008-070 - Comment Mail - Cross site request forgery

Advisory ID: DRUPAL-SA-2008-070
Project: Comment Mail
Versions: 5.x
Date: 2008-November-26
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site request forgery

November 5, 2008

12:51

SA-2008-069 - CCK for 5.x and 6.x - XSS vulnerabilities

Advisory ID: DRUPAL-SA-2008-069
Project: Content Construction Kit (third-party module)
Versions: 5.x, 6.x
Date: 2008-November-5
Security risk: Minor
Exploitable from: Remote
Vulnerability: Cross site scripting

October 22, 2008

14:34

SA-2008-068 - Localization client and Localization server - Cross site request forgery

Advisory ID: DRUPAL-SA-2008-068
Project: Localization client and Localization server (third-party modules)
Versions: 5.x, 6.x
Date: 2008-October-22
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site request forgery

13:06

SA-2008-067 - Drupal core - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-067
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-22
Security risk: Less Critical
Exploitable from: Local/Remote
Vulnerability: Multiple vulnerabilities

October 15, 2008

13:02

SA-2008-066 - Shindig-Integrator - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-066
Project: Shindig-Integrator (third-party module)
Versions: 5.x
Date: 2008-October-15
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

12:27

SA-2008-065 - Node Clone - Access bypass

Advisory ID: DRUPAL-SA-2008-065
Project: Node Clone (third-party module)
Version: 6.x, and 5.x.
Date: 2008-October-15
Security risk: Less critical
Exploitable from: Remote
Vulnerability: Access bypass

10:46

SA-2008-064 - Node Vote - SQL injection vulnerability

Advisory ID: DRUPAL-SA-2008-064
Project: Node Vote (third-party module)
Versions: 5.x and 6.x
Date: 2008-October-15
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection

October 9, 2008

13:41

SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates

Advisory ID: DRUPAL-SA-2008-063
Project: Several Third-Party Modules incorrectly updated for the Drupal 6 menu system
Version: 6.x
Date: 2008-October-8
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

October 8, 2008

15:47

SA-2008-062 - SIOC - access bypass

Advisory ID: DRUPAL-SA-2008-062
Project: SIOC (third-party module)
Versions: 5.x and 6.x
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

15:45

SA-2008-061 - Everyblog - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-061
Project: EveryBlog (third-party module)
Versions: 5.x and 6.x
Date: 2008-October-08
Security risk: Highly critical
Exploitable from: Remote
Vulnerability:SQL injection, Cross-site scripting (XSS), Privilege escalation, access bypass

15:43

SA-2008-060 - Drupal core - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-060
Project: Drupal core
Versions: 5.x and 6.x
Date: 2008-October-8
Security risk: Critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

15:28

SA-2008-063 - multiple modules - Access bypass due to incorrect Drupal 6 updates

Advisory ID: DRUPAL-SA-2008-063
Project: Several Modules incorrectly updated for the Drupal 6 menu system
Version: 6.x
Date: 2008-October-8
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Access bypass

October 1, 2008

14:24

SA-2008-059 - Brilliant Gallery - SQL Injection and Cross Site Scripting

Advisory ID: DRUPAL-SA-2008-059
Project: Brilliant Gallery (third-party module)
Versions: 5.x
Date: 2008-October-1
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection and Cross Site Scripting

September 24, 2008

16:42

SA-2008-058 - Brilliant Gallery - SQL Injection

Advisory ID: DRUPAL-SA-2008-058
Project: Brilliant Gallery (third-party module)
Versions: 5.x, 6.x
Date: 2008-September-25
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection

13:48

SA-2008-057 - Ajax Checklist - Multiple vulnerabilities

Advisory ID: DRUPAL-SA-2008-057
Project: Ajax Checklist (third-party module)
Versions: 5.x
Date: 2008-September-24
Security risk: Critical
Exploitable from: Remote
Vulnerability: SQL injection, Cross site scripting

12:58

SA-2008-056 - Simplenews - Cross site scripting

Advisory ID: DRUPAL-SA-2008-056
Project: Simplenews (third-party module)
Versions: 5.x, 6.x
Date: 2008-September-24
Security risk: Not Critical
Exploitable from: Remote
Vulnerability: Cross site scripting

12:13

SA-2008-055 - Stock - Cross site scripting

Advisory ID: DRUPAL-SA-2008-055
Project: Stock (third-party module)
Versions: 6.x
Date: 2008-September-24
Security risk: Moderately Critical
Exploitable from: Remote
Vulnerability: Cross site scripting

10:54

SA-2008-054 - Plugin Manager - Access bypass

Advisory ID: DRUPAL-SA-2008-054
Project: Plugin Manager (third-party module)
Versions: 6.x
Date: 2008-September-24
Security risk: Critical
Exploitable from: Remote
Vulnerability: Access bypass

September 18, 2008

07:31

SA-2008-053 - Answers - Cross site scripting

Advisory ID: DRUPAL-SA-2008-053
Project: Answers (third-party module)
Versions: 5.x
Date: 2008-September-18
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross site scripting