Drupal Security Announcements
This list is for security announcements sent out by the Drupal security team.
Updated: 6 years 8 weeks ago
SA-2008-026 - Drupal core - Access bypass
- Advisory ID: DRUPAL-SA-2008-026
- Project: Drupal core
- Version: 6.x
- Date: 2008-April-09
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-025 - Simple access - Access bypass
- Advisory ID: DRUPAL-SA-2008-025
- Project: Simple access (third-party module)
- Version: 5.x-1.*
- Date: 2008-April-09
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-024 - Webform - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-024
- Project: Webform (third-party module)
- Version: 5.x, 6.x
- Date: 2008-April-03
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-023 - Ubercart - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-023
- Project: Ubercart (third-party module)
- Version: 5.x
- Date: 2008-April-02
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-022 - Flickr - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-022
- Project: Flickr (third-party module)
- Version: 5.x, 6.x
- Date: 2008-April-02
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-021 - Live - Cross site request forgery
- Advisory ID: DRUPAL-SA-2008-021
- Project: Live (third-party module)
- Version: 5.x
- Date: 2008-March-23
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site request forgery
SA-2008-020 - Ubercart - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-020
- Project: Ubercart (third-party module)
- Version: 5.x
- Date: 2008-March-12
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-019 - Refine by Taxonomy - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-019
- Project: Refine by Taxonomy (third-party module)
- Version: 5.x
- Date: 2008-March-05
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-018 - Drupal core - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-018
- Project: Drupal core
- Version: 6.0
- Date: 2008-February-27
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Multiple cross site scripting vulnerabilities
SA-2008-017 - Header image - Access bypass
- Advisory ID: DRUPAL-SA-2008-017
- Project: Header image (third-party module)
- Version: 5.x-1.0
- Date: 2008-February-13
- Security risk: Not critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-016 - OpenID - Incorrect claimed_id returned for OpenID 2.0
- Advisory ID: DRUPAL-SA-2008-016
- Project: OpenID (third-party module)
- Version: 5.x-1.0
- Date: 2007-January-30
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Identity impersonation
SA-2008-015 - Comment Upload - Arbitrary file upload
- Advisory ID: DRUPAL-SA-2008-015
- Project: Comment upload (third-party module)
- Version: 4.7.x, 5.x
- Date: 2007-January-30
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary file upload
SA-2008-014 - Userpoints - Cross site request forgery
- Advisory ID: DRUPAL-SA-2008-014
- Project: Userpoints (third-party module)
- Version: 4.7.x, 5.x-2.x, 5.x-3.x
- Date: 2008-January-30
- Security risk: Not critical
- Exploitable from: Remote
- Vulnerability: Cross site request forgery
SA-2008-013 - Project issue tracking - Arbitrary file upload
- Advisory ID: DRUPAL-SA-2008-013
- Project: Project issue tracking (third-party module)
- Version: 4.7.x-1.x, 4.7.x-2.x, 5.x-1.x, 5.x-2.x
- Date: 2007-January-30
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary file upload
SA-2008-012 - Project issue tracking - XSS vulnerability in comment summary tables
- Advisory ID: DRUPAL-SA-2008-012
- Project: Project issue tracking (third-party module)
- Version: 4.7.x-1.x, 4.7.x-2.x, 5.x-1.x, 5.x-2.x
- Date: 2007-January-30
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross-site scripting (XSS)
SA-2008-011 - Securesite - Access bypass
- Advisory ID: DRUPAL-SA-2008-011
- Project: Secure Site (third-party module)
- Version: 5.x-1.0, 4.7.x-1.0
- Date: 2008-January-30
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-10 - Archive - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-010
- Project: Archive (third-party module)
- Version: 5.x
- Date: 2008-January-23
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-009 - Workflow - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-009
- Project: Workflow (third-party module)
- Version: 4.7.x, 5.x
- Date: 2008-January-23
- Security risk: Not critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-008 - Meta tags - Arbitrary code execution
- Advisory ID: DRUPAL-SA-2008-008
- Project: Meta tags / Nodewords (third-party module)
- Version: 5.x-1.6
- Date: 2007-January-14
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
SA-2008-007 - Drupal core - Cross site scripting (register_globals)
- Advisory ID: DRUPAL-SA-2008-007
- Project: Drupal core
- Version: 4.7.x, 5.x
- Date: 2008-January-10
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting when register_globals is enabled.