Being and non-being produce each other.
Difficult and easy complement each other.
Long and short define each other.
High and low oppose each other.
Fore and aft follow each other.
Drupal Security
This list is for security announcements sent out be the Drupal security team.
Updated: 4 hours 7 min ago
SA-2008-048 - CCK - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-048
- Project: CCK (third-party module)
- Version: 5.x
- Date: 2008-Sep-04
- Security risk: Not critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: CMS
SA-2008-047 - Drupal core - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-047
- Project: Drupal core
- Version: 5.x, 6.x
- Date: 2008-August-13
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
Categories: CMS
SA-2008-046 - Drupal core - Session fixation
- Advisory ID: DRUPAL-SA-2008-046
- Project: Drupal core
- Version: 5.x
- Date: 2008-July-23
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Session fixation
Categories: CMS
SA-2008-045 - OpenID - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-045
- Project: OpenID (third-party module)
- Version: 5.x
- Date: 2008-July-9
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting, Cross site request forgeries
Categories: CMS
SA-2008-044 - Drupal core - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-044
- Project: Drupal core
- Version: 5x, 6.x
- Date: 2008-July-9
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
Categories: CMS
SA-2008-043 - Outline designer - Privilege escalation
- Advisory ID: DRUPAL-SA-2008-043
- Project: Outline designer (third-party module)
- Version: 5.x
- Date: 2008-July-2
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Privilege escalation
Categories: CMS
SA-2008-042 - Tinytax - Cross site scripting
- Advisory ID: DRUPAL-SA-2008-042
- Project: Tinytax taxonomy block (third-party module)
- Version: 5.x
- Date: 2008-July-2
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: CMS
SA-2008-041 - Taxonomy autotagger - Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-041
- Project: Taxonomy autotagger (third-party module)
- Version: 5.x
- Date: 2008-July-2
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting and SQL injection
Categories: CMS
SA-2008-040 - Organic Groups - Cross site scripting and information disclosure
- Advisory ID: DRUPAL-SA-2008-040
- Project: Organic Groups (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-July-02
- Security risk: Less Critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting and information disclosure
Categories: CMS
SA-2008-039 - Suggested terms - Cross site scripting
- Advisory ID: SA-2008-039
- Project: Suggested terms (third-party module)
- Versions: 5.x
- Date: 2008-June-25
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: CMS
SA-2008-038 - Services - Arbitrary code execution
- Advisory ID: DRUPAL-SA-2008-038
- Project: Services (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-June-18
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Categories: CMS
SA-2008-037 - TrailScout - XSS and SQL injection
- Advisory ID: DRUPAL-SA-2008-037
- Project: TrailScout (third-party module)
- Version: 5.x
- Date: 2008-June-18
- Security risk: Higly critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting and SQL injection
Categories: CMS
SA-2008-036 - Profile search - SQL Injection
- Advisory ID: SA-2008-036
- Project: Profile Search (third-party module)
- Versions: 5.x
- Date: 2008-July-18
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
Categories: CMS
SA-2008-035 - Aggregation - Multiple vulnerabilities
- Advisory ID: SA-2008-035
- Project: Aggregation (third-party module)
- Versions: 5.x
- Date: 2008-June-11
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
Categories: CMS
SA-2008-034 - Node Hierarchy - Access bypass
- Advisory ID: SA-2008-034
- Project: Node Hierarchy (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-June-11
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Access bypass
Categories: CMS
SA-2008-033 - Taxonomy Image - Cross site scripting
- Advisory ID: SA-2008-033
- Project: Taxonomy Image (third-party module)
- Versions: 5.x and 6.x
- Date: 2008-June-11
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Categories: CMS
SA-2008-032 - Magic Tabs - Arbitrary code execution
- Advisory ID: SA-2008-032
- Project: Magic Tabs (third-party module)
- Versions: 5.x
- Date: 2008-June-11
- Security risk: Highly critical
- Exploitable from: Remote
- Vulnerability: Arbitrary code execution
Categories: CMS
SA-2008-031 - Pblog - Incorrect vulnerability report
- Advisory ID: SA-2008-031
- Project: Pblog (third-party module)
- Versions: none
- Date: 2008-June-11
- Security risk: Not critical
- Exploitable from: Remote
- Subject: Incorrect vulnerability report
Categories: CMS


