Security announcements

Syndicate content
This list is for security announcements sent out be the Drupal security team.
Updated: 1 hour 51 min ago

SA-2008-047 - Drupal core - Multiple vulnerabilities

Thu, 2008-08-14 01:27
  • Advisory ID: DRUPAL-SA-2008-047
  • Project: Drupal core
  • Version: 5.x, 6.x
  • Date: 2008-August-13
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

read more

Categories: Drupal, Security

SA-2008-046 - Drupal core - Session fixation

Wed, 2008-07-23 21:58
  • Advisory ID: DRUPAL-SA-2008-046
  • Project: Drupal core
  • Version: 5.x
  • Date: 2008-July-23
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Session fixation

read more

Categories: Drupal, Security

SA-2008-045 - OpenID - Multiple vulnerabilities

Thu, 2008-07-10 00:08
  • Advisory ID: DRUPAL-SA-2008-045
  • Project: OpenID (third-party module)
  • Version: 5.x
  • Date: 2008-July-9
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting, Cross site request forgeries

read more

Categories: Drupal, Security

SA-2008-044 - Drupal core - Multiple vulnerabilities

Wed, 2008-07-09 23:24
  • Advisory ID: DRUPAL-SA-2008-044
  • Project: Drupal core
  • Version: 5x, 6.x
  • Date: 2008-July-9
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

read more

Categories: Drupal, Security

SA-2008-043 - Outline designer - Privilege escalation

Wed, 2008-07-02 22:56
  • Advisory ID: DRUPAL-SA-2008-043
  • Project: Outline designer (third-party module)
  • Version: 5.x
  • Date: 2008-July-2
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Privilege escalation

read more

Categories: Drupal, Security

SA-2008-042 - Tinytax - Cross site scripting

Wed, 2008-07-02 22:51
  • Advisory ID: DRUPAL-SA-2008-042
  • Project: Tinytax taxonomy block (third-party module)
  • Version: 5.x
  • Date: 2008-July-2
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal, Security

SA-2008-041 - Taxonomy autotagger - Multiple vulnerabilities

Wed, 2008-07-02 22:48
  • Advisory ID: DRUPAL-SA-2008-041
  • Project: Taxonomy autotagger (third-party module)
  • Version: 5.x
  • Date: 2008-July-2
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting and SQL injection

read more

Categories: Drupal, Security

SA-2008-040 - Organic Groups - Cross site scripting and information disclosure

Wed, 2008-07-02 22:42
  • Advisory ID: DRUPAL-SA-2008-040
  • Project: Organic Groups (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-July-02
  • Security risk: Less Critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting and information disclosure

read more

Categories: Drupal, Security

SA-2008-039 - Suggested terms - Cross site scripting

Wed, 2008-06-25 20:53
  • Advisory ID: SA-2008-039
  • Project: Suggested terms (third-party module)
  • Versions: 5.x
  • Date: 2008-June-25
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal, Security

SA-2008-038 - Services - Arbitrary code execution

Wed, 2008-06-18 23:50
  • Advisory ID: DRUPAL-SA-2008-038
  • Project: Services (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-June-18
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

read more

Categories: Drupal, Security

SA-2008-037 - TrailScout - XSS and SQL injection

Wed, 2008-06-18 23:07
  • Advisory ID: DRUPAL-SA-2008-037
  • Project: TrailScout (third-party module)
  • Version: 5.x
  • Date: 2008-June-18
  • Security risk: Higly critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting and SQL injection

read more

Categories: Drupal, Security

SA-2008-036 - Profile search - SQL Injection

Wed, 2008-06-18 17:15
  • Advisory ID: SA-2008-036
  • Project: Profile Search (third-party module)
  • Versions: 5.x
  • Date: 2008-July-18
  • Security risk: Critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

read more

Categories: Drupal, Security

SA-2008-035 - Aggregation - Multiple vulnerabilities

Wed, 2008-06-11 21:44
  • Advisory ID: SA-2008-035
  • Project: Aggregation (third-party module)
  • Versions: 5.x
  • Date: 2008-June-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

read more

Categories: Drupal, Security

SA-2008-034 - Node Hierarchy - Access bypass

Wed, 2008-06-11 21:24
  • Advisory ID: SA-2008-034
  • Project: Node Hierarchy (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-June-11
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

Categories: Drupal, Security

SA-2008-033 - Taxonomy Image - Cross site scripting

Wed, 2008-06-11 18:11
  • Advisory ID: SA-2008-033
  • Project: Taxonomy Image (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-June-11
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Categories: Drupal, Security

SA-2008-032 - Magic Tabs - Arbitrary code execution

Wed, 2008-06-11 15:16
  • Advisory ID: SA-2008-032
  • Project: Magic Tabs (third-party module)
  • Versions: 5.x
  • Date: 2008-June-11
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

read more

Categories: Drupal, Security

SA-2008-031 - Pblog - Incorrect vulnerability report

Wed, 2008-06-11 14:31
  • Advisory ID: SA-2008-031
  • Project: Pblog (third-party module)
  • Versions: none
  • Date: 2008-June-11
  • Security risk: Not critical
  • Exploitable from: Remote
  • Subject: Incorrect vulnerability report

read more

Categories: Drupal, Security

SA-2008-030 - Site Documentation - Privilege escalation

Wed, 2008-05-14 21:02
  • Advisory ID: DRUPAL-SA-2008-030
  • Project: Site Documentation (third-party module)
  • Versions: 5.x and 6.x
  • Date: 2008-May-14
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Privilege escalation

read more

Categories: Drupal, Security