[Full-disclosure] [Security-news] SA-CONTRIB-2014-030 - SexyBookmarks - Information Disclosure

/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk

[Full-disclosure] [Security-news] SA-CONTRIB-2014-031 - Webform Template - Access Bypass

] http://drupal.org/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-029 - Mime Mail - Access Bypass

] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-028 - Masquerade - Access bypass

/user/724750 [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security

[Full-disclosure] [Security-news] SA-CONTRIB-2014-027 - NewsFlash Theme - XSS

://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http

[Full-disclosure] [Security-news] SA-CONTRIB-2014-023 - Project Issue File Review - XSS

://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration [17] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org

[Full-disclosure] [Security-news] SA-CONTRIB-2014-025 - Open Omega - Access Bypass

-secure-code [13] http://drupal.org/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-024 - Content Lock - CSRF

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia

[Full-disclosure] [Security-news] SA-CONTRIB-2014-026 - Mime Mail - Access bypass

-configuration [17] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe

[Full-disclosure] [Security-news] SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS)

://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe

[Full-disclosure] [Security-news] SA-CONTRIB-2014-022 - Slickgrid - Access bypass

[13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http

[Full-disclosure] [Security-news] SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)

://drupal.org/user/66894 [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list

[Full-disclosure] [Security-news] SA-CONTRIB-2014-013- Chaos tool suite (ctools) - Access Bypass

://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration [17] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-015 - FileField - Access Bypass

/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration [15] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http

[Full-disclosure] [Security-news] SA-CONTRIB-2014-016 - Mayo Theme - XSS Vulnerability

/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk

[Full-disclosure] [Security-news] SA-CONTRIB-2014-017- Image Resize Filter - Denial of Service (DOS)

://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-020 - Drupal Commons - Cross Site Scripting (XSS)

] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

[Full-disclosure] [Security-news] SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS)

/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure

[Full-disclosure] [Security-news] SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure

] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration [15] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http

[Full-disclosure] [Security-news] SA-CONTRIB-2014-010 Services - Access Bypass and Privilege Escalation

/writing-secure-code [16] http://drupal.org/security/secure-configuration [17] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-011 - Push Notifications - Information Disclosure

] http://drupal.org/user/724750 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-012- Modal Frame API - Cross Site Scripting (XSS)

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia

[Full-disclosure] [Security-news] SA-CONTRIB-2014-007 - Services - Multiple access bypass vulnerabilities

-configuration [18] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe

[Full-disclosure] [Security-news] SA-CONTRIB-2014-008 - Tribune - Cross Site Scripting (XSS)

/writing-secure-code [11] http://drupal.org/security/secure-configuration [12] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-004 - Secure Cookie Data - Faulty Hashing

/security/secure-configuration [19] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full

[Full-disclosure] [Security-news] SA-CONTRIB-2014-005 - Leaflet - Access bypass

/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full

[Full-disclosure] [Security-news] SA-CONTRIB-2014-003 - Doubleclick for Publishers DFP - Cross Site Scripting (XSS)

[12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration [15] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http

[Full-disclosure] [Security-news] SA-CONTRIB-2014-006 - Language Switcher Dropdown - Open Redirect

://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CORE-2014-001 - Drupal core - Multiple vulnerabilities

[25] http://drupal.org/security/secure-configuration [26] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)

/secure-configuration [14] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We

[Full-disclosure] [Security-news] SA-CONTRIB-2014-001 - Entity API - Access Bypass

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted

[Full-disclosure] [Security-news] PSA-2014-001 - Media - Access Bypass

] http://drupal.org/security/secure-configuration [15] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-098 - Ubercart - Session Fixation Vulnerability

[14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration [16] https://twitter.com/drupalsecurity ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security

[Full-disclosure] [Security-news] SA-CONTRIB-2013-097 - OG Features - Access bypass

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored

[Full-disclosure] [Security-news] SA-CONTRIB-2013-093 - Invitation - Access Bypass

/writing-secure-code [12] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full

[Full-disclosure] [Security-news] SA-CONTRIB-2013-094 - EU Cookie Compliance - Cross Site Scripting (XSS)

[13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-096 - Entity reference - Access bypass

://drupal.org/user/329570 [12] https://drupal.org/user/36762 [13] http://drupal.org/contact [14] http://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration ___ Security-news mailing list

[Full-disclosure] [Security-news] SA-CONTRIB-2013-095 - Organic Groups - Access bypass

/user/45640 [13] https://drupal.org/user/329570 [14] http://drupal.org/contact [15] http://drupal.org/security-team [16] http://drupal.org/writing-secure-code [17] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n

[Full-disclosure] [Security-news] SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

[Full-disclosure] [Security-news] SA-CONTRIB-2013-091 - Groups, Communities and Co (GCC) - Access Bypass

://drupal.org/user/36762 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http

[Full-disclosure] [Security-news] SA-CONTRIB-2013-090 - Revisioning - Access Bypass

[14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe

[Full-disclosure] [Security-news] SA-CONTRIB-2013-092 - Misery - Denial of Service (DOS) vulnerability.

://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass

/writing-secure-code [15] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full

[Full-disclosure] [Security-news] SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

[Full-disclosure] [Security-news] SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data

[13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-084 - FileField Sources - Access Bypass

/user/329570‎ [13] http://drupal.org/contact [14] http://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http

[Full-disclosure] [Security-news] SA-CONTRIB-2013-083 - Quiz - Access Bypass

[16] http://drupal.org/contact [17] http://drupal.org/security-team [18] http://drupal.org/writing-secure-code [19] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http

[Full-disclosure] [Security-news] SA-CONTRIB-2013-085 - Feed Element Mapper - Cross Site Scripting

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

[Full-disclosure] [Security-news] SA-CONTRIB-2013-086 - Monster Menus - Access bypass

://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] PSA-2013-002: Direct download links available even during Drupal.org upgrade window

] https://drupal.org/node/2124241 [3] https://drupal.org/node/2124289 ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full

[Full-disclosure] [Security-news] SA-CONTRIB-2013-074 - MediaFront - Cross Site Scripting (XSS)

-code [16] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We

[Full-disclosure] [Security-news] SA-CONTRIB-2013-076 - jQuery Countdown - Cross Site Scripting (XSS)

] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-075 - Click2Sell - Multiple Vulnerabilities (XSS and CSRF)

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted

[Full-disclosure] [Security-news] SA-CONTRIB-2013-073 - Make Meeting Scheduler - Access Bypass

/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] PSA-2013-001: Drupal core - Users can insert hidden text and links

[6] http://drupal.org/security-team [7] http://drupal.org/writing-secure-code [8] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security

[Full-disclosure] [Security-news] SA-CONTRIB-2013-072 - Node View Permissions - Access Bypass

] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe

[Full-disclosure] [Security-news] SA-CONTRIB-2013-071 - Flag - Cross Site Scripting

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure

[Full-disclosure] [Security-news] SA-CONTRIB-2013-070 - Zen - Cross Site Scripting

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure

[Full-disclosure] [Security-news] SA-CONTRIB-2013-067 - BOTCHA - Information Disclosure (potential Privilege Escalation)

://drupal.org/user/1209848 [11] http://drupal.org/user/36762 [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration ___ Security-news mailing list

[Full-disclosure] [Security-news] SA-CONTRIB-2013-068 - Entity API - Access Bypass

://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe

[Full-disclosure] [Security-news] SA-CONTRIB-2013-069 - Password Policy - XSS

-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http

[Full-disclosure] [Security-news] SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access Bypass

] https://drupal.org/user/896508 [10] https://drupal.org/user/262198 [11] http://drupal.org/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing

[Full-disclosure] [Security-news] SA-CONTRIB-2013-064 - Persona - Cross site request forgery (CSRF)

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored

[Full-disclosure] [Security-news] SA-CONTRIB-2013-063 - Authenticated User Page Caching (Authcache) - Information Disclosure

-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http

[Full-disclosure] [Security-news] SA-CONTRIB-2013-065 - Organic Groups - Access Bypass

://drupal.org/user/329570 [14] http://drupal.org/contact [15] http://drupal.org/security-team [16] http://drupal.org/writing-secure-code [17] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe

[Full-disclosure] [Security-news] SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities

://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-061 - Flippy - Access Bypass

] http://drupal.org/user/633216 [9] http://drupal.org/user/36762 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration ___ Security-news mailing

[Full-disclosure] [Security-news] SA-CONTRIB-2013-060 - Scald - Cross Site Scripting (XSS)

://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-058 - MRBS - Abandoned - Mutliple vulnerabilities

/writing-secure-code [11] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full

[Full-disclosure] [Security-news] SA-CONTRIB-2013-059 - Hostmaster (Aegir) - Access Bypass

://drupal.org/user/368613 [10] http://drupal.org/user/36762 [11] http://drupal.org/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n

[Full-disclosure] [Security-news] SA-CONTRIB-2013-056 - Stage File Proxy - Denial of Service

/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-055 - Hatch - Cross Site Scripting

/user/1151108 [9] http://drupal.org/user/395439 [10] http://drupal.org/contact [11] http://drupal.org/security-team [12] http://drupal.org/writing-secure-code [13] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n

[Full-disclosure] [Security-news] SA-CONTRIB-2013-057 - TinyBox - Cross Site Scripting (XSS)

/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http

[Full-disclosure] [Security-news] SA-CONTRIB-2012-136 - Apache Solr Search Autocomplete - Cross Site Scripting (XSS)

-code [13] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We

[Full-disclosure] [Security-news] SA-CONTRIB-2013-054 - Fast Permissions Administration - Access Bypass

/329794 [9] http://drupal.org/user/163737 [10] http://drupal.org/user/262198 [11] http://drupal.org/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-053 - Login Security - Multiple Vulnerabilities

://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-052 - Display Suite - Cross Site Scripting (XSS)

/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-051 - Services - Cross site request forgery (CSRF)

] http://drupal.org/user/262198 [12] http://drupal.org/contact [13] http://drupal.org/security-team [14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org

[Full-disclosure] [Security-news] SA-CONTRIB-2013-048 - Edit Limit - Access Bypass

://drupal.org/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman

[Full-disclosure] [Security-news] SA-CONTRIB-2013-049 - Node access user reference - Access Bypass

/user/36762 [13] http://drupal.org/user/241220 [14] http://drupal.org/contact [15] http://drupal.org/security-team [16] http://drupal.org/writing-secure-code [17] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n

[Full-disclosure] [Security-news] SA-CONTRIB-2013-050 - Webform - Cross Site Scripting (XSS)

] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe

[Full-disclosure] [Security-news] SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass

] http://drupal.org/security-team [16] http://drupal.org/writing-secure-code [17] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-046 - Filebrowser - Reflected Cross Site Scripting (XSS)

/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http

[Full-disclosure] [Security-news] SA-CONTRIB-2013-043 - MP3 Player - Cross Site Scripting (XSS)

[10] http://drupal.org/writing-secure-code [11] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF)

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html

[Full-disclosure] [Security-news] SA-CONTRIB-2013-045 - Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) - Access bypass

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored

[Full-disclosure] [Security-news] SA-CONTRIB-2013-042 - RESTful Web Services (RESTWS) - Denial of Service

[14] http://drupal.org/writing-secure-code [15] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-040 - Commerce Skrill (Formerly Moneybookers) - Access bypass

[13] http://drupal.org/contact [14] http://drupal.org/security-team [15] http://drupal.org/writing-secure-code [16] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http

[Full-disclosure] [Security-news] SA-CONTRIB-2013-041 - Chaos tool suite (ctools) - Access bypass

://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe

[Full-disclosure] [Security-news] SA-CONTRIB-2013-036 - Zero Point - Cross Site Scripting (XSS)

://drupal.org/user/36762 [11] http://drupal.org/contact [12] http://drupal.org/security-team [13] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe

[Full-disclosure] [Security-news] SA-CONTRIB-2013-038 - Commons Groups - Access bypass Privilege escalation

://drupal.org/user/36762 [14] http://drupal.org/user/91990 [15] http://drupal.org/contact [16] http://drupal.org/security-team [17] http://drupal.org/writing-secure-code [18] http://drupal.org/security/secure-configuration ___ Security-news mailing list

[Full-disclosure] [Security-news] SA-CONTRIB-2013-037 - Rules - Cross Site Scripting (XSS)

] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-039 - Commons Wikis - Access bypass Privilege escalation

://drupal.org/user/91990 [15] http://drupal.org/contact [16] http://drupal.org/security-team [17] http://drupal.org/writing-secure-code [18] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe

[Full-disclosure] [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)

://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe

[Full-disclosure] [Security-news] SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass

://drupal.org/writing-secure-code [11] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-031 - Premium Responsive theme - Cross Site Scripting (XSS)

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full

[Full-disclosure] [Security-news] SA-CONTRIB-2013-024 - Creative Theme - Cross Site Scripting (XSS)

://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter

[Full-disclosure] [Security-news] SA-CONTRIB-2013-026 - Best Responsive Theme - Cross Site Scripting (XSS)

] http://drupal.org/writing-secure-code [14] http://drupal.org/security/secure-configuration ___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news

[Full-disclosure] [Security-news] SA-CONTRIB-2013-025 - Fresh Theme - Cross Site Scripting (XSS)

___ Security-news mailing list security-n...@drupal.org Unsubscribe at http://lists.drupal.org/mailman/listinfo/security-news ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia

  1   2   3   >