• Advisory ID: DRUPAL-SA-CONTRIB-2010-089
• Project: Simplenews content selection (third-party module)
• Version: 6.x
• Date: 2010-August-18
• Security risk: Less critical
• Exploitable from: Remote
• Vulnerability: Cross site scripting

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-088
• Project: Content Construction Kit (CCK) (third-party module)
• Version: 6.x
• Date: 2010-August-11
• Security risk: Less Critical
• Exploitable from: Remote
• Vulnerability: Access Bypass

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-087
• Project: GovDelivery Integration (third-party module)
• Version: 6.x
• Date: 2010-Aug-11
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: Cross site scripting

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-086
• Project: Prepopulate (third-party module)
• Version: 5.x and 6.x
• Date: 2010-Aug-11
• Security risk: Moderately Critical
• Exploitable from: Remote
• Vulnerability: Access Bypass

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-085
• Project: Pathauto (third-party module)
• Version: 5.x, 6.x
• Date: 2010-August-11
• Security risk: Less critical
• Exploitable from: Remote
• Vulnerability: Cross Site Scripting

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-084
• Project: OpenID (third-party module)
• Version: 5.x
• Date: 2010-Aug-11
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Authentication bypass

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-083
• Project: UC2Checkout, UCPaypal, UC Cart LInks (third-party modules in the Ubercart Project)
• Version: 5.x, 6.x
• Date: 2010-Aug-11
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Access Bypass, Cross Site Request Forgery

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-082
• Project: Printer, e-mail and PDF versions (third-party module)
• Version: 5.x, 6.x
• Date: 2010-August-11
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Local file read access

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-081
• Project: FileField Sources (third-party module)
• Version: 6.x
• Date: 2010-May-19
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Arbitrary Code Execution

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-080
• Project: Privatemsg (third-party module)
• Version: 6.x
• Date: 2010-August-11
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: Cross-Site Scripting

read more

• Advisory ID: SA-CONTRIB-2010-079
• Project: Devel (third-party module)
• Version: 5.x, 6.x
• Date: 2010-Aug-04
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: Cross Site Scripting

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-078
• Project: Kaltura (third-party module)
• Versions: 5.x, 6.x
• Date: 2010-July-28
• Security risk: Less Critical
• Exploitable from: Remote
• Vulnerability: Information disclosure

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-077
• Project: Sage Pay Direct Payment Gateway for Ubercart (third-party module)
• Version: 5.x, 6.x
• Date: 2010-July-28
• Security risk: Less Critical
• Exploitable from: Remote
• Vulnerability: Information Disclosure

read more

• Advisory ID: SA-CONTRIB-2010-076
• Project: Dashboard (third-party module)
• Version: 6.x
• Date: 2010-July-28
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: Cross Site Scripting

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-075
• Project: Tagging (third-party module)
• Version: 6.x
• Date: 2010-July 21
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: Cross Site Scripting

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-074
• Projects: Drupad (third-party module)
• Version: 6.x
• Date: 2010-07-14
• Security risks: Critical
• Exploitable from: Remote
• Vulnerability: CSRF

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-073
• Projects: Multiple third party modules - Simple Gallery, OG Menu, Tell A Friend Node, JsMath For Displaying Mathematics With TeX
• Version: 5.x, 6.x
• Date: 2010-July-14
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: Multiple (Cross Site Scripting, Email Header Injection)

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-0XX
• Project: Hierarchical Select (third-party module)
• Version: 5.x, 6.x
• Date: 2010-July-07
• Security risk: Moderately critical
• Exploitable from: Remote
• Vulnerability: Cross Site Scripting

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-071
• Project: MultiSafepay Integration (third-party module)
• Version: 6.x
• Date: 2010-July-07
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: Cross Site Request Forgery

read more

• Advisory ID: DRUPAL-SA-CONTRIB-2010-070
• Projects: Multiple third party modules - Easy Translator, Block Queue, Multiple Image Upload (Imagex)
• Version: 5.x, 6.x
• Date: 2010-06-23
• Security risks: Critical
• Exploitable from: Remote
• Vulnerability: Multiple (SQL Injection, CSRF, Access bypass)

read more