Drupal Security Announcements
This list is for security announcements sent out be the Drupal security team.
Updated: 14 hours 24 min ago
SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates
- Advisory ID: DRUPAL-SA-2008-063
- Project: Several Third-Party Modules incorrectly updated for the Drupal 6 menu system
- Version: 6.x
- Date: 2008-October-8
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-062 - SIOC - access bypass
- Advisory ID: DRUPAL-SA-2008-062
- Project: SIOC (third-party module)
- Versions: 5.x and 6.x
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-061 - Everyblog - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-061
- Project: EveryBlog (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-October-08
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability:SQL injection, Cross-site scripting (XSS), Privilege escalation, access bypass
SA-2008-060 - Drupal core - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-060
- Project: Drupal core
- Versions: 5.x and 6.x
- Date: 2008-October-8
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
SA-2008-063 - multiple modules - Access bypass due to incorrect Drupal 6 updates
- Advisory ID: DRUPAL-SA-2008-063
- Project: Several Modules incorrectly updated for the Drupal 6 menu system
- Version: 6.x
- Date: 2008-October-8
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-059 - Brilliant Gallery - SQL Injection and Cross Site Scripting
- Advisory ID: DRUPAL-SA-2008-059
- Project: Brilliant Gallery (third-party module)
- Versions: 5.x
- Date: 2008-October-1
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL injection and Cross Site Scripting
SA-2008-058 - Brilliant Gallery - SQL Injection
- Advisory ID: DRUPAL-SA-2008-058
- Project: Brilliant Gallery (third-party module)
- Versions: 5.x, 6.x
- Date: 2008-September-25
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL injection
SA-2008-057 - Ajax Checklist - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-057
- Project: Ajax Checklist (third-party module)
- Versions: 5.x
- Date: 2008-September-24
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL injection, Cross site scripting
SA-2008-056 - Simplenews - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-056
- Project: Simplenews (third-party module)
- Versions: 5.x, 6.x
- Date: 2008-September-24
- Security risk: Not Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-055 - Stock - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-055
- Project: Stock (third-party module)
- Versions: 6.x
- Date: 2008-September-24
- Security risk: Moderately Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-054 - Plugin Manager - Access bypass
- Advisory ID: DRUPAL-SA-2008-054
- Project: Plugin Manager (third-party module)
- Versions: 6.x
- Date: 2008-September-24
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-053 - Answers - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-053
- Project: Answers (third-party module)
- Versions: 5.x
- Date: 2008-September-18
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-052 - Link To Us - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-052
- Project: Link To Us (third-party module)
- Versions: 5.x
- Date: 2008-September-17
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-051 - Mailsave - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-051
- Project: Mailsave (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-September-17
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-050 - Mailhandler - SQL injection
- Advisory ID: DRUPAL-SA-2008-050
- Project: Mailhandler (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-September-17
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL injection
SA-2008-049 - Talk - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-049
- Project: Talk (third-party module)
- Version: 5.x, 6.x
- Date: 2008-September-17
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting, Node access bypass
SA-2008-048-b - CCK - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-048-b
- Project: CCK (third-party module)
- Version: 5.x
- Date: 2008-Sep-04
- Security risk: Not critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-047 - Drupal core - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-047
- Project: Drupal core
- Version: 5.x, 6.x
- Date: 2008-August-13
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
SA-2008-046 - Drupal core - Session fixation
- Advisory ID: DRUPAL-SA-2008-046
- Project: Drupal core
- Version: 5.x
- Date: 2008-July-23
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Session fixation
SA-2008-045 - OpenID - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-045
- Project: OpenID (third-party module)
- Version: 5.x
- Date: 2008-July-9
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting, Cross site request forgeries