Home

News aggregator

Project issue tracking - Access bypass

Drupal Security Announcements - March 8, 2007 - 12:00am
  • Advisory ID: DRUPAL-SA-2007-012.
  • Project: Project issue tracking (third-party module).
  • Version: 4.7.x-1.*, 4.7.x-2.*, 5.x-0.*.
  • Date: 2007-March-08.
  • Security risk: Critical.
  • Exploitable from: Remote.
  • Vulnerability: Access bypass.

read more

Nodefamily - Access bypass

Drupal Security Announcements - March 6, 2007 - 12:25pm
  • Advisory ID: DRUPAL-SA-2007-011
  • Project: Node familty (third-party module)
  • Version: 5.x
  • Date: 2007-March-6
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

Secure site - Access bypass

Drupal Security Announcements - February 15, 2007 - 7:12pm
  • Advisory ID: DRUPAL-SA-2007-010
  • Project: Secure site (third-party module)
  • Version: 4.7, 5
  • Date: 2007-Feb-16
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass

read more

getID3 library and Audio, Mediafield - arbitrary code execution

Drupal Security Announcements - February 15, 2007 - 5:21pm
  • Advisory ID: DRUPAL-SA-2007-009.
  • Project: getID3 (third-party library) used by Audio and Mediafield
  • Version: getID3 1.7.1
  • Date: 2007-Feb-16
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

read more

Image pager - Cross site scripting

Drupal Security Announcements - February 15, 2007 - 1:24am
  • Advisory ID: DRUPAL-SA-2007-008
  • Project: Image Pager (third-party module)
  • Version: 4.7.x-1.x-dev, 5.x-1.x-dev
  • Date: 2007-02-15
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Cross site scripting

read more

Textimage - response validation bypass

Drupal Security Announcements - January 31, 2007 - 1:59am
  • Advisory ID: DRUPAL-SA-2007-007
  • Project: Textimage (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-31
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Captcha bypass

read more

Textimage - response validation bypass

Drupal Security Announcements - January 31, 2007 - 1:59am
  • Advisory ID: DRUPAL-SA-2007-007
  • Project: Textimage (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-31
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Captcha bypass

read more

Captcha - response validation bypass

Drupal Security Announcements - January 30, 2007 - 1:43pm
  • Advisory ID: DRUPAL-SA-2007-006
  • Project: Captcha (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-30
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Captcha bypass

read more

Captcha - response validation bypass

Drupal Security Announcements - January 30, 2007 - 1:43pm
  • Advisory ID: DRUPAL-SA-2007-006
  • Project: Captcha (third-party module)
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-30
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Captcha bypass

read more

Drupal core - Arbitrary code execution

Drupal Security Announcements - January 29, 2007 - 11:11am
  • Advisory ID: DRUPAL-SA-2007-005
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-29
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

read more

Drupal core - Arbitrary code execution

Drupal Security Announcements - January 29, 2007 - 11:11am
  • Advisory ID: DRUPAL-SA-2007-005
  • Project: Drupal core
  • Version: 4.7.x, 5.x
  • Date: 2007-Jan-29
  • Security risk: Highly critical
  • Exploitable from: Remote
  • Vulnerability: Arbitrary code execution

read more

Project and Project issue tracking - Multiple vulnerabilities

Drupal Security Announcements - January 23, 2007 - 1:04pm
  • Advisory ID: DRUPAL-SA-2007-004.
  • Project: Project and Project issue tracking (third party modules).
  • Date: 2007-Jan-23.
  • Security risk: Moderately critical.
  • Exploitable from: Remote.
  • Vulnerability: Access bypass, Cross site scripting, and unsafe file upload handling.

read more

Project and Project issue tracking - Multiple vulnerabilities

Drupal Security Announcements - January 23, 2007 - 1:04pm
  • Advisory ID: DRUPAL-SA-2007-004.
  • Project: Project and Project issue tracking (third party modules).
  • Date: 2007-Jan-23.
  • Security risk: Moderately critical.
  • Exploitable from: Remote.
  • Vulnerability: Access bypass, Cross site scripting, and unsafe file upload handling.

read more

Acidfree - SQL injection

Drupal Security Announcements - January 23, 2007 - 1:03pm
  • Advisory ID: DRUPAL-SA-2007-003.
  • Project: Acidfree (third-party module).
  • Version: 4.6.x, 4.7.x
  • Date: 2007-Jan-23.
  • Security risk: Highly critical.
  • Exploitable from: Remote.
  • Vulnerability: SQL Injection.

read more

Acidfree - SQL injection

Drupal Security Announcements - January 23, 2007 - 1:03pm
  • Advisory ID: DRUPAL-SA-2007-003.
  • Project: Acidfree (third-party module).
  • Version: 4.6.x, 4.7.x
  • Date: 2007-Jan-23.
  • Security risk: Highly critical.
  • Exploitable from: Remote.
  • Vulnerability: SQL Injection.

read more

Drupal core - Denial of service

Drupal Security Announcements - December 19, 2006 - 7:53am
  • Advisory ID: DRUPAL-SA-2007-002.
  • Project: Drupal Core.
  • Version: 4.6, 4.7
  • Date: 2007-Jan-05.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Denial of service.

read more

Drupal core - Denial of service

Drupal Security Announcements - December 19, 2006 - 7:53am
  • Advisory ID: DRUPAL-SA-2007-002.
  • Project: Drupal Core.
  • Version: 4.6, 4.7
  • Date: 2007-Jan-05.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Denial of service.

read more

Drupal core - Cross site scripting

Drupal Security Announcements - December 19, 2006 - 7:43am
  • Advisory ID: DRUPAL-SA-2007-001.
  • Project: Drupal Core.
  • Version: 4.6, 4.7.
  • Date: 2007-Jan-05.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Cross site scripting.

read more

Drupal core - Cross site scripting

Drupal Security Announcements - December 19, 2006 - 7:43am
  • Advisory ID: DRUPAL-SA-2007-001.
  • Project: Drupal Core.
  • Version: 4.6, 4.7.
  • Date: 2007-Jan-05.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Cross site scripting.

read more

MySite - Cross site scripting

Drupal Security Announcements - December 18, 2006 - 1:21am
  • Advisory ID: DRUPAL-SA-2006-032.
  • Project: MySite (third-party module).
  • Version: 4.7.0, 4.7.x-3.2, 5.x-1.2.
  • Date: 2006-12-18.
  • Security risk: Less critical.
  • Exploitable from: Remote.
  • Vulnerability: Cross site scripting.

read more

12next ›last »
Syndicate content