Drupal Security Announcements
This list is for security announcements sent out be the Drupal security team.
http://drupal.org/taxonomy/term/44/0
URL
Last update
2 years 10 weeks agoJuly 8, 2006
21:49
- Advisory ID: DRUPAL-SA-2006-010
- Project: webform
- Date: 2006-Jul-09
- Security risk: critical
- Impact: webform
- Exploitable from: remote
- Vulnerability: multiple cross-site scripting
July 4, 2006
12:40
- Advisory ID: DRUPAL-SA-2006-009
- Project: form_mail
- Date: 2006-Jul-4
- Security risk: moderately critical
- Impact: security bypass
- Exploitable from: remote
- Vulnerability: mail header injection attack
June 1, 2006
14:20
- Advisory ID: DRUPAL-SA-2006-008
- Project: Drupal core
- Date: 2006-Jun-01
- Security risk: less critical
- Impact: Drupal core
- Exploitable from: remote
- Vulnerability: cross-site scripting
13:49
- Advisory ID: DRUPAL-SA-2006-007
- Project: Drupal core and potentially any web application that accepts uploads.
- Date: 2006-Jun-01
- Security risk: highly critical
- Impact: Drupal core
- Exploitable from: remote
- Vulnerability: Execution of arbitrary files
May 24, 2006
20:19
- Advisory ID: DRUPAL-SA-2006-006
- Project: Drupal core
- Date: 2006-May-24
- Security risk: highly critical
- Impact: Drupal core
- Exploitable from: remote
- Vulnerability: Execution of arbitrary files
14:42
- Advisory ID: DRUPAL-SA-2006-005
- Project: Drupal core
- Date: 2006-May-18
- Security risk: highly critical
- Impact: Drupal core
- Exploitable from: remote
- Vulnerability: SQL injection
May 8, 2006
04:09
- Project: project module (contributed module)
- Security risk: less critical
- Impact: project module
- Where: from remote
- Vulnerability: malicious HTML execution and XSS attacks
