News aggregator
SA-2008-069 - CCK for 5.x and 6.x - XSS vulnerabilities
- Advisory ID: DRUPAL-SA-2008-069
- Project: Content Construction Kit (third-party module)
- Versions: 5.x, 6.x
- Date: 2008-November-5
- Security risk: Minor
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-068 - Localization client and Localization server - Cross site request forgery
- Advisory ID: DRUPAL-SA-2008-068
- Project: Localization client and Localization server (third-party modules)
- Versions: 5.x, 6.x
- Date: 2008-October-22
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site request forgery
SA-2008-067 - Drupal core - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-067
- Project: Drupal core
- Versions: 5.x and 6.x
- Date: 2008-October-22
- Security risk: Less Critical
- Exploitable from: Local/Remote
- Vulnerability: Multiple vulnerabilities
SA-2008-066 - Shindig-Integrator - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-066
- Project: Shindig-Integrator (third-party module)
- Versions: 5.x
- Date: 2008-October-15
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
SA-2008-065 - Node Clone - Access bypass
- Advisory ID: DRUPAL-SA-2008-065
- Project: Node Clone (third-party module)
- Version: 6.x, and 5.x.
- Date: 2008-October-15
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-064 - Node Vote - SQL injection vulnerability
- Advisory ID: DRUPAL-SA-2008-064
- Project: Node Vote (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-October-15
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL injection
SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates
- Advisory ID: DRUPAL-SA-2008-063
- Project: Several Third-Party Modules incorrectly updated for the Drupal 6 menu system
- Version: 6.x
- Date: 2008-October-8
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates
- Advisory ID: DRUPAL-SA-2008-063
- Project: Several Third-Party Modules incorrectly updated for the Drupal 6 menu system
- Version: 6.x
- Date: 2008-October-8
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-062 - SIOC - access bypass
- Advisory ID: DRUPAL-SA-2008-062
- Project: SIOC (third-party module)
- Versions: 5.x and 6.x
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-061 - Everyblog - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-061
- Project: EveryBlog (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-October-08
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability:SQL injection, Cross-site scripting (XSS), Privilege escalation, access bypass
SA-2008-060 - Drupal core - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-060
- Project: Drupal core
- Versions: 5.x and 6.x
- Date: 2008-October-8
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates
- Advisory ID: DRUPAL-SA-2008-063
- Project: Several Third-Party Modules incorrectly updated for the Drupal 6 menu system
- Version: 6.x
- Date: 2008-October-8
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-059 - Brilliant Gallery - SQL Injection and Cross Site Scripting
- Advisory ID: DRUPAL-SA-2008-059
- Project: Brilliant Gallery (third-party module)
- Versions: 5.x
- Date: 2008-October-1
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL injection and Cross Site Scripting
SA-2008-058 - Brilliant Gallery - SQL Injection
- Advisory ID: DRUPAL-SA-2008-058
- Project: Brilliant Gallery (third-party module)
- Versions: 5.x, 6.x
- Date: 2008-September-25
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL injection
SA-2008-057 - Ajax Checklist - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-057
- Project: Ajax Checklist (third-party module)
- Versions: 5.x
- Date: 2008-September-24
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: SQL injection, Cross site scripting
SA-2008-056 - Simplenews - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-056
- Project: Simplenews (third-party module)
- Versions: 5.x, 6.x
- Date: 2008-September-24
- Security risk: Not Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-055 - Stock - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-055
- Project: Stock (third-party module)
- Versions: 6.x
- Date: 2008-September-24
- Security risk: Moderately Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-054 - Plugin Manager - Access bypass
- Advisory ID: DRUPAL-SA-2008-054
- Project: Plugin Manager (third-party module)
- Versions: 6.x
- Date: 2008-September-24
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Access bypass
SA-2008-053 - Answers - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-053
- Project: Answers (third-party module)
- Versions: 5.x
- Date: 2008-September-18
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
SA-2008-052 - Link To Us - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-052
- Project: Link To Us (third-party module)
- Versions: 5.x
- Date: 2008-September-17
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
