View online: http://drupal.org/node/1782686
* Advisory ID: DRUPAL-SA-CONTRIB-2012-140
* Project: Inf08 [1] (third-party module)
* Version: 6.x
* Date: 2012-September-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-------- DESCRIPTION
---------------------------------------------------------
Inf08 is a valid XHTML 1.0 Strict / CSS 2.1 theme ported from the free CSS
template. The theme contains an arbitrary script injection vulnerability
(XSS) due to the fact that it fails to sanitize user supplied taxonomy
vocabulary names before display. This vulnerability is mitigated by the fact
that an attacker must have a role with the permission "administer taxonomy".
CVE: Requested
-------- VERSIONS AFFECTED
---------------------------------------------------
* Inf08 6.x-1.x versions prior to 6.x-1.10.
Drupal core is not affected. If you do not use the contributed Inf08 [3]
module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the Inf08 theme for Drupal 6.x, upgrade to Inf08 6.x-1.10 [4]
Also see the Inf08 [5] project page.
-------- REPORTED BY
---------------------------------------------------------
* Justin C. Klein Keane [6]
-------- FIXED BY
------------------------------------------------------------
* kong [7], the theme maintainer
-------- COORDINATED BY
------------------------------------------------------
* Klaus Purer [8] of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [9].
Learn more about the Drupal Security team and their policies [10], writing
secure code for Drupal [11], and securing your site [12].
[1] http://drupal.org/project/inf08
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/inf08
[4] http://drupal.org/node/1782286
[5] http://drupal.org/project/inf08
[6] http://drupal.org/user/15344
[7] http://drupal.org/user/46601
[8] http://drupal.org/user/262198
[9] http://drupal.org/contact
[10] http://drupal.org/security-team
[11] http://drupal.org/writing-secure-code
[12] http://drupal.org/security/secure-configuration
View online: http://drupal.org/node/1782832
* Advisory ID: DRUPAL-SA-CONTRIB-2012-141
* Project: Mass Contact [1] (third-party module)
* Version: 6.x
* Date: 2012-September-12
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-------- DESCRIPTION
---------------------------------------------------------
This module allows users who hold the relevant permission to send a single
message to multiple users of a site, with recipients selected by the site's roles.
The module doesn't sufficiently check permissions after the form has been
submitted.
This vulnerability is mitigated by the fact that an attacker must use a tool
of some kind (like the Tamper Data Firefox add-on) to intercept the form
submission request in order to modify the settings.
CVE: Requested
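The defensive pattern the advisory implies, re-checking permissions in the submit handler instead of trusting the options the rendered form offered, as an added PHP example that is not the Mass Contact module's own code; the role names, permission names and the user_can() stand-in for Drupal's user_access() are constructed for the demo:

```php
<?php
// Added example (not Mass Contact's own code): a mass-mail form whose
// submit validation re-derives the allowed recipient roles from the
// account's permissions instead of trusting what the browser posted back.
// The permission model and the three roles below are constructed for the demo.

// Constructed data: the permission required to mail each role.
const ROLE_PERMISSION = array(
    'authenticated user' => 'mass contact authenticated users',
    'editor'             => 'mass contact editors',
    'administrator'      => 'mass contact administrators',
);

// Constructed stand-in for Drupal's user_access(): $account carries its
// permission list explicitly so the script runs without Drupal.
function user_can(array $account, $permission)
{
    return in_array($permission, $account['permissions'], true);
}

// Roles this account may send to, computed server-side from its permissions.
function allowed_roles(array $account)
{
    $allowed = array();
    foreach (ROLE_PERMISSION as $role => $permission) {
        if (user_can($account, $permission)) {
            $allowed[] = $role;
        }
    }
    return $allowed;
}

// Form build: only offers the roles the account may mail. On its own this is
// the weak pattern the advisory describes: hiding a checkbox is not a check.
function build_recipient_options(array $account)
{
    return allowed_roles($account);
}

// Submit validation: the fix. Every posted role is compared against the
// server-side allowed list, so an edited POST body cannot add roles.
// Returns the list of errors (empty means the submission is accepted).
function validate_recipients(array $account, array $posted_roles)
{
    $errors = array();
    $allowed = allowed_roles($account);
    foreach ($posted_roles as $role) {
        if (!in_array($role, $allowed, true)) {
            $errors[] = "You are not permitted to send messages to role '$role'.";
        }
    }
    return $errors;
}

// Demo: a constructed editor-level sender whose POST body carries the
// 'administrator' role that the form never offered them.
$sender = array(
    'name'        => 'demo sender',
    'permissions' => array('mass contact authenticated users', 'mass contact editors'),
);
print "Form offers: " . implode(', ', build_recipient_options($sender)) . "\n";

$tampered_post = array('authenticated user', 'editor', 'administrator');
$errors = validate_recipients($sender, $tampered_post);
print $errors ? implode("\n", $errors) . "\n" : "Submission accepted\n";
```

The same validation belongs in the Drupal form's validate or submit callback, where `$form_state['values']` arrives, since that is the point at which a modified request reaches the server.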
-------- VERSIONS AFFECTED
---------------------------------------------------
* Mass Contact 6.x-1.x versions prior to 6.x-1.2.
Drupal core is not affected. If you do not use the contributed Mass Contact
[3] module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the Mass Contact module for Drupal 6.x, upgrade to Mass Contact
6.x-1.2 [4]
Also see the Mass Contact [5] project page.
-------- REPORTED BY
---------------------------------------------------------
* Michael Orlitzky [6]
-------- FIXED BY
------------------------------------------------------------
* Michael Orlitzky [7]
* Jason Flatt [8], the module maintainer
-------- COORDINATED BY
------------------------------------------------------
* Greg Knaddison [9] of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].
Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].
[1] http://drupal.org/project/mass_contact
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/mass_contact
[4] http://drupal.org/node/1782766
[5] http://drupal.org/project/mass_contact
[6] http://drupal.org/user/1731656
[7] http://drupal.org/user/1731656
[8] http://drupal.org/user/4649
[9] http://drupal.org/user/36762
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration
View online: http://drupal.org/node/1775582
* Advisory ID: DRUPAL-SA-CONTRIB-2012-138
* Project: Exposed Filter Data [1] (third-party module)
* Version: 6.x
* Date: 2012-September-05
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-------- DESCRIPTION
---------------------------------------------------------
The Exposed Filter Data module facilitates displaying data posted to Views via
an exposed filter. The module does not properly sanitize user-supplied data
prior to output, leading to a Cross-Site Scripting (XSS) vulnerability.
CVE: Requested
-------- VERSIONS AFFECTED
---------------------------------------------------
* Exposed Filter Data 6.x-1.x versions prior to 6.x-1.2.
Drupal core is not affected. If you do not use the contributed Exposed Filter
Data [3] module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the Exposed Filter Data module for Drupal 6.x, upgrade to
Exposed Filter Data 6.x-1.2 [4].
* The 7.x-1.x branch is not vulnerable. If you use Exposed Filter Data for
Drupal 7.x, there is nothing you need to do.
Also see the Exposed Filter Data [5] project page.
-------- REPORTED BY
---------------------------------------------------------
* Joe Tsui [6]
* ekes [7]
-------- FIXED BY
------------------------------------------------------------
* Shushu Inbar [8], the module maintainer
-------- COORDINATED BY
------------------------------------------------------
* Michael Hess (mlhess [9]) of the Drupal Security Team
* Ivo Van Geertruyen (mr.baileys [10]) of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [11].
Learn more about the Drupal Security team and their policies [12], writing
secure code for Drupal [13], and securing your site [14].
[1] http://drupal.org/project/exposed_filter_data
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/exposed_filter_data
[4] http://drupal.org/node/1774636
[5] http://drupal.org/project/exposed_filter_data
[6] https://drupal.org/user/125025
[7] http://drupal.org/user/10083
[8] https://drupal.org/user/99513
[9] http://drupal.org/user/102818
[10] http://drupal.org/user/383424
[11] http://drupal.org/contact
[12] http://drupal.org/security-team
[13] http://drupal.org/writing-secure-code
[14] http://drupal.org/security/secure-configuration
View online: http://drupal.org/node/1775470
* Advisory ID: DRUPAL-SA-CONTRIB-2012-137
* Project: Heartbeat [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-September-5
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Request Forgery
-------- DESCRIPTION
---------------------------------------------------------
This module enables you to display activity for events on a site.
The module doesn't sufficiently check the heartbeat comment post values,
making it possible for an attacker to cause a user to unknowingly post
comments.
CVE: Requested
-------- VERSIONS AFFECTED
---------------------------------------------------
* heartbeat_comments 6.x-4.x versions prior to 6.x-4.11.
* heartbeat_comments 7.x-1.x versions prior to 7.x-1.0.
Drupal core is not affected. If you do not use the contributed Heartbeat [3]
module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the heartbeat_comments or shouts module for Drupal 6.x, upgrade
to heartbeat 6.x-4.12 [4]
* If you use the heartbeat_comments module for Drupal 7.x, upgrade to
heartbeat 7.x-1.1 [5]
Also see the Heartbeat [6] project page.
-------- REPORTED BY
---------------------------------------------------------
* Greg Knaddison [7] of the Drupal Security Team
-------- FIXED BY
------------------------------------------------------------
* Stalski [8], the module maintainer
-------- COORDINATED BY
------------------------------------------------------
* Greg Knaddison [9] of the Drupal Security Team
* Matt Chapman [10] of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [11].
Learn more about the Drupal Security team and their policies [12], writing
secure code for Drupal [13], and securing your site [14].
[1] http://drupal.org/project/heartbeat
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/heartbeat
[4] http://drupal.org/node/1774140
[5] http://drupal.org/node/1774160
[6] http://drupal.org/project/heartbeat
[7] http://drupal.org/user/36762
[8] http://drupal.org/user/322618
[9] http://drupal.org/user/36762
[10] http://drupal.org/user/143172
[11] http://drupal.org/contact
[12] http://drupal.org/security-team
[13] http://drupal.org/writing-secure-code
[14] http://drupal.org/security/secure-configuration
View online: http://drupal.org/node/1762734
* Advisory ID: DRUPAL-SA-CONTRIB-2012-136
* Project: Apache Solr Autocomplete [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-August-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting
-------- DESCRIPTION
---------------------------------------------------------
Apache Solr Search Autocomplete module enables you to add autocomplete
capabilities to the search text field for the Apache Solr Search Integration
module.
The module doesn't sufficiently filter the autocomplete results sent back
from the Drupal site. If a user follows a URL with a specially crafted search
string embedded in it, the attacker can have that user execute arbitrary
JavaScript when the user clicks or gives focus to the autocomplete text field.
This vulnerability is mitigated by the fact that the attacked user must click
or otherwise give focus to the text widget to have the Javascript activate.
CVE: Requested
-------- VERSIONS AFFECTED
---------------------------------------------------
* Apache Solr Autocomplete 6.x-1.x versions prior to 6.x-1.4.
* Apache Solr Autocomplete 7.x-1.x versions prior to 7.x-1.3.
Drupal core is not affected. If you do not use the contributed Apache Solr
Autocomplete [3] module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the Apache Solr Autocomplete module for Drupal 6.x, upgrade to
Apache Solr Autocomplete 6.x-1.4 [4]
* If you use the Apache Solr Autocomplete module for Drupal 7.x, upgrade to
Apache Solr Autocomplete 7.x-1.3 [5]
Also see the Apache Solr Autocomplete [6] project page.
-------- REPORTED BY
---------------------------------------------------------
* drupaledmonk [7]
-------- FIXED BY
------------------------------------------------------------
* Alejandro Garza [8], the module maintainer
-------- COORDINATED BY
------------------------------------------------------
* Greg Knaddison [9] of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].
Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].
[1] http://drupal.org/project/apachesolr_autocomplete
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/apachesolr_autocomplete
[4] http://drupal.org/node/1762684
[5] http://drupal.org/node/1762686
[6] http://drupal.org/project/apachesolr_autocomplete
[7] http://drupal.org/user/263391
[8] http://drupal.org/user/153120
[9] http://drupal.org/user/36762
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration
View online: http://drupal.org/node/1762496
* Advisory ID: DRUPAL-SA-CONTRIB-2012-135
* Project: CAPTCHA [1] (third-party module)
* Version: 6.x
* Date: 2011-August-29
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-------- DESCRIPTION
---------------------------------------------------------
This module enables you to protect website forms using a CAPTCHA. A CAPTCHA
is a test which attempts to differentiate between a human and an automated
bot or script.
The module doesn't ensure that test submissions have a single-use unique
token. This means that web robots could reuse a single successful submission
multiple times, reducing the effectiveness of the protection.
CVE: Requested
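A single-use challenge token of the kind the advisory says was missing, as an added PHP example that is not the CAPTCHA module's own code; the CaptchaStore class, its in-memory store and the sample challenge are constructed for the demo, and a real module would back the store with the session or a database table:

```php
<?php
// Added example (not the CAPTCHA module's own code): a CAPTCHA challenge
// store where each challenge carries a single-use token that is consumed on
// the first successful check, so a recorded correct submission cannot be
// replayed. The in-memory array stands in for a session or database table.

class CaptchaStore
{
    // token => array('answer' => sha256 hex, 'used' => bool, 'expires' => unix time)
    private $challenges = array();
    private $ttl;

    public function __construct($ttl_seconds = 300)
    {
        $this->ttl = $ttl_seconds;
    }

    // Issue a challenge: the caller renders $answer (e.g. as an image) and puts
    // the returned token in a hidden form field. Only a hash of the answer is
    // kept, so a leaked store does not leak solutions.
    public function issue($answer)
    {
        $token = bin2hex(random_bytes(16));
        $this->challenges[$token] = array(
            'answer'  => hash('sha256', $answer),
            'used'    => false,
            'expires' => time() + $this->ttl,
        );
        return $token;
    }

    // Validate a submission. The token is marked used before true is returned,
    // so a second submission with the same (token, answer) pair is refused.
    public function validate($token, $answer)
    {
        if (!isset($this->challenges[$token])) {
            return false;                   // unknown token
        }
        $challenge = &$this->challenges[$token];
        if ($challenge['used']) {
            return false;                   // replay of a consumed token: worth logging
        }
        if (time() > $challenge['expires']) {
            unset($this->challenges[$token]);
            return false;                   // expired challenge
        }
        if (!hash_equals($challenge['answer'], hash('sha256', (string) $answer))) {
            unset($this->challenges[$token]);
            return false;                   // wrong answer: discard so it cannot be guessed against
        }
        $challenge['used'] = true;          // consume on first success
        return true;
    }
}

// Demo with a constructed challenge: the first submission passes, the
// identical replay is refused even though the answer is still correct.
$store = new CaptchaStore();
$token = $store->issue('K7P3Q');
printf("first submission:    %s\n", $store->validate($token, 'K7P3Q') ? 'accepted' : 'rejected');
printf("replayed submission: %s\n", $store->validate($token, 'K7P3Q') ? 'accepted' : 'rejected');
```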
-------- VERSIONS AFFECTED
---------------------------------------------------
* CAPTCHA 6.x-2.x versions prior to 6.x-2.3
Drupal core is not affected. If you do not use the contributed CAPTCHA [3]
module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the CAPTCHA module for Drupal 6.x, upgrade to CAPTCHA 6.x-2.3
[4] or greater
Also see the CAPTCHA [5] project page.
-------- REPORTED BY
---------------------------------------------------------
* LeeSai [6]
* MustLive
-------- FIXED BY
------------------------------------------------------------
* Stefaan Lippens [7], a CAPTCHA module maintainer
-------- COORDINATED BY
------------------------------------------------------
* Owen Barton [8] of the Drupal Security Team
* Greg Knaddison [9] of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [10].
Learn more about the Drupal Security team and their policies [11], writing
secure code for Drupal [12], and securing your site [13].
[1] http://drupal.org/project/captcha
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/captcha
[4] http://drupal.org/node/967244
[5] http://drupal.org/project/captcha
[6] http://drupal.org/user/680166
[7] http://drupal.org/user/41478
[8] http://drupal.org/user/19668
[9] http://drupal.org/user/36762
[10] http://drupal.org/contact
[11] http://drupal.org/security-team
[12] http://drupal.org/writing-secure-code
[13] http://drupal.org/security/secure-configuration
View online: http://drupal.org/node/1762492
* Advisory ID: DRUPAL-SA-CONTRIB-2012-134
* Project: Views (third-party module)
* Version: 6.x
* Date: 2012-August-29
* Security risk: Critical [1]
* Exploitable from: Remote
* Vulnerability: Privilege escalation
-------- DESCRIPTION
---------------------------------------------------------
The Views module provides a flexible method for Drupal site designers to
control how lists and tables of content, users, taxonomy terms and other data
are presented.
The module incorrectly modifies the global user object in some situations
when a view has a uid argument and performs validation on that argument.
This vulnerability is mitigated by the fact that it only affects sites with
more roles than default where a role with a low role ID has more privileges
than other roles on the site and where untrusted (i.e. potentially malicious)
users are granted several of those roles.
CVE: Requested
-------- VERSIONS AFFECTED
---------------------------------------------------
* Views 6.x-2.x versions prior to 6.x-2.16.
Drupal core is not affected. If you do not use the contributed Views module,
there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the Views module for Drupal 6.x, upgrade to Views 6.x-2.16 [2]
Also see the Views project page.
-------- REPORTED BY
---------------------------------------------------------
* Derek Wright [3] of the Drupal Security Team
* John Preto [4]
-------- FIXED BY
------------------------------------------------------------
* Derek Wright [5], one of the module maintainers, also of the Drupal Security
Team
-------- COORDINATED BY
------------------------------------------------------
* Greg Knaddison [6] of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [7].
Learn more about the Drupal Security team and their policies [8], writing
secure code for Drupal [9], and securing your site [10].
[1] http://drupal.org/security-team/risk-levels
[2] http://drupal.org/node/1341504
[3] http://drupal.org/user/46549
[4] http://drupal.org/user/356949
[5] http://drupal.org/user/46549
[6] http://drupal.org/user/36762
[7] http://drupal.org/contact
[8] http://drupal.org/security-team
[9] http://drupal.org/writing-secure-code
[10] http://drupal.org/security/secure-configuration
View online: http://drupal.org/node/1762482
* Advisory ID: DRUPAL-SA-CONTRIB-2012-133
* Project: Taxonomy Image [1] (third-party module)
* Version: 6.x
* Date: 2012-August-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting, Arbitrary PHP code execution
-------- DESCRIPTION
---------------------------------------------------------
The taxonomy_image module allows site administrators to associate images with
taxonomy terms.
The module did not sufficiently filter retrieval of taxonomy images, allowing
users to bypass Drupal's normal file upload protections and place malicious
HTML or executable code on the server.
This vulnerability is mitigated by the fact that an attacker must have the
permissions "administer taxonomy" and "administer taxonomy images", and that
the fix for SA-2006-006 - Drupal Core - Execution of arbitrary files in
certain Apache configurations [3] should prevent code execution in typical
Apache configurations.
CVE: Requested
-------- VERSIONS AFFECTED
---------------------------------------------------
* Taxonomy Image 6.x-1.x versions prior to 6.x-1.7.
Drupal core is not affected. If you do not use the contributed Taxonomy Image
[4] module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the Taxonomy Image module for Drupal 6.x, upgrade to Taxonomy
Image 6.x-1.7 [5]
Also see the Taxonomy Image [6] project page.
-------- REPORTED BY
---------------------------------------------------------
* Chris Burgess [7]
-------- FIXED BY
------------------------------------------------------------
* Nancy Wichmann [8], the module maintainer
* Niklas Fiekas [9], the module maintainer
* Chris Burgess [10]
-------- COORDINATED BY
------------------------------------------------------
* Greg Knaddison [11] of the Drupal Security Team
* Ivo Van Geertruyen [12] of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [13].
Learn more about the Drupal Security team and their policies [14], writing
secure code for Drupal [15], and securing your site [16].
[1] http://drupal.org/project/taxonomy_image
[2] http://drupal.org/security-team/risk-levels
[3] https://drupal.org/node/65409
[4] http://drupal.org/project/taxonomy_image
[5] http://drupal.org/node/1760678
[6] http://drupal.org/project/taxonomy_image
[7] http://drupal.org/user/76026
[8] http://drupal.org/user/101412
[9] http://drupal.org/user/1089248
[10] http://drupal.org/user/76026
[11] http://drupal.org/user/36762
[12] http://drupal.org/user/383424
[13] http://drupal.org/contact
[14] http://drupal.org/security-team
[15] http://drupal.org/writing-secure-code
[16] http://drupal.org/security/secure-configuration
View online: http://drupal.org/node/1762480
* Advisory ID: DRUPAL-SA-CONTRIB-2012-132
* Project: Announcements [1] (third-party module)
* Version: 6.x
* Date: 2012-August-29
* Security risk: Moderately critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-------- DESCRIPTION
---------------------------------------------------------
The Announcements module creates an "announcement" content type and provides
both node views and block lists.
The module doesn't sufficiently check node access under certain conditions.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission "access announcements".
CVE: Requested
-------- VERSIONS AFFECTED
---------------------------------------------------
* Announcements 6.x-1.x versions prior to 6.x-1.5.
Drupal core is not affected. If you do not use the contributed Announcements
[3] module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the Announcements module for Drupal 6.x, upgrade to
Announcements 6.x-1.5 [4]
Also see the Announcements [5] project page.
-------- REPORTED BY
---------------------------------------------------------
* Michael Hess [6] of the Drupal Security Team
-------- FIXED BY
------------------------------------------------------------
* Nancy Wichmann [7], the module maintainer
-------- COORDINATED BY
------------------------------------------------------
* Greg Knaddison [8] of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [9].
Learn more about the Drupal Security team and their policies [10], writing
secure code for Drupal [11], and securing your site [12].
[1] http://drupal.org/project/announcements
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/announcements
[4] http://drupal.org/node/1761038
[5] http://drupal.org/project/announcements
[6] http://drupal.org/user/102818
[7] http://drupal.org/user/101412
[8] http://drupal.org/user/36762
[9] http://drupal.org/contact
[10] http://drupal.org/security-team
[11] http://drupal.org/writing-secure-code
[12] http://drupal.org/security/secure-configuration
View online: http://drupal.org/node/1762470
* Advisory ID: DRUPAL-SA-CONTRIB-2012-131
* Project: Email Field [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2012-August-29
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass
-------- DESCRIPTION
---------------------------------------------------------
The email module provides a field type (CCK / FieldAPI) for storing email
addresses. Furthermore, it provides a formatter to output the email address
as a link to a contact form. The contact form formatter allows a site visitor
to email the stored address without letting them see what that e-mail address
is.
The module didn't sufficiently check access for the contact form page,
allowing a site visitor to email the stored address on the entity without
having access to the entity itself.
CVE: Requested
-------- VERSIONS AFFECTED
---------------------------------------------------
* Email Field 6.x-1.x versions prior to 6.x-1.2.
* Email Field 7.x-1.x versions prior to 7.x-1.1.
Drupal core is not affected. If you do not use the contributed Email Field
[3] module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------
Install the latest version:
* If you use the Email Field module for Drupal 6.x, upgrade to Email Field
6.x-1.3 [4]
* If you use the Email Field module for Drupal 7.x, upgrade to Email Field
7.x-1.2 [5]
Also see the Email Field [6] project page.
-------- REPORTED BY
---------------------------------------------------------
* Joachim Noreiko [7]
-------- FIXED BY
------------------------------------------------------------
* Joachim Noreiko [8]
* Matthias Hutterer [9], the module maintainer
* Greg Knaddison [10] of the Drupal Security Team
-------- COORDINATED BY
------------------------------------------------------
* Greg Knaddison [11] of the Drupal Security Team
-------- CONTACT AND MORE INFORMATION
----------------------------------------
The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [12].
Learn more about the Drupal Security team and their policies [13], writing
secure code for Drupal [14], and securing your site [15].
[1] http://drupal.org/project/email
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/email
[4] http://drupal.org/node/1761968
[5] http://drupal.org/node/1761948
[6] http://drupal.org/project/email
[7] http://drupal.org/user/107701
[8] http://drupal.org/user/107701
[9] http://drupal.org/user/59747
[10] http://drupal.org/user/36762
[11] http://drupal.org/user/36762
[12] http://drupal.org/contact
[13] http://drupal.org/security-team
[14] http://drupal.org/writing-secure-code
[15] http://drupal.org/security/secure-configuration