Affiliation/Organization: Drupal Security Team


Time to Patch Stats

For vulnerabilities disclosed through this affiliation where we have sufficient data to calculate the time to patch (1 vulns), the following statistics apply:

Min Time To Patch:112 days
Avg Time To Patch:112 days
Max Time To Patch:112 days

Other Affiliations

Creditees Affiliated with Drupal Security Team have also affiliated with:

madirish.net (1)
Beyond Security's SecuriTeam Secure Disclosure (1)
Drupal (1)

Website: http://drupal.org/

Creditees currently or formerly associated with Drupal Security Team (32):
(ordered by association date)

Known SinceNameVulns Through Affiliation
2010-10-29Ivo Van Geertruyen18
2010-11-10Dave Reid4
2010-11-12catch2
2010-12-08mr.baileys3
2011-02-02Heine Deelstra6
2011-02-02Greg Knaddison26
2011-02-02Peter Wolanin5
2011-03-23Dylan Wilder-Tack (grendzy)3
2011-04-27David Rothstein4
2011-05-18Justin Klein Keane3
2011-06-29PWolanin2
2012-01-11Dylan Tack10
2012-01-18Owen Barton1
2012-03-14Joshua Brauer1
2012-03-28Michael Hess6
2012-03-28Jakub Suchy4
2012-03-28Stella Power3
2012-03-28Derek Wright3
2012-05-02Károly Négyesi1
2012-05-16coltrane1
2012-05-30Matt Chapman1
2012-06-06John Morahan1
2012-07-11Gerhard Killesreiter1
2012-08-08Klaus Purer6
2012-10-10Hunter Fox3
2012-11-14Damien Tournoud2
2012-11-28Fox1
2012-12-19Simon Rycroft1
2012-12-19Fox (hefox)1
2013-01-16Lee Rowlands1
2013-01-23Joris van Eijden1
2013-02-20Stéphane Corlosquet1

Disclosed Vulnerabilities (122):

Discl. DateOSVDB IDCVE IDCrediteesTitle
2013-05-15 93407 Ivo Van Geertruyen
Lode Vanstechelman
 Google Authenticator login Module for Drupal Account Name Handling Remote Bypass
2013-04-16 92533 2013-1972 Greg Knaddison
 elFinder file manager Module for Drupal File Manipulation CSRF
2013-04-10 92259 013-1946 Dylan Tack
 RESTful Web Services for Drupal Cache Poisoning Remote DoS
2013-04-03 91986 2013-1925 Greg Knaddison
Cash Williams
 Chaos tool suite (ctools) Module for Drupal Node Title Disclosure
2013-02-27 90683 2013-1785 Greg Knaddison
 Premium Responsive Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90681 2013-1787 Greg Knaddison
 Simple Corporate Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90682 2013-1786 Greg Knaddison
 Company Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90684 2013-1784 Greg Knaddison
 Clean Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90685 2013-1783 Greg Knaddison
 Business Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90688 2013-1782 Greg Knaddison
 Responsive Blog Theme for Drupal Social Icon Unspecified XSS
2013-02-27 90686 2013-1781 Greg Knaddison
 Professional Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90689 2013-1778 Greg Knaddison
 Creative Theme for Drupal Social Icon Unspecified XSS
2013-02-27 90687 2013-1779 Greg Knaddison
 Fresh Theme for Drupal 3 Slide Gallery Unspecified XSS
2013-02-27 90690 2013-1780 Greg Knaddison
 Best Responsive Theme for Drupal Social Icon Unspecified XSS
2013-02-20 90560 2013-0325 Ivo Van Geertruyen
 Varnish HTTP Accelerator Integration Module for Drupal Configuration Settings XSS
2013-02-20 90514 2013-0323 Stéphane Corlosquet
 Display Suite Module for Drupal Unspecified XSS
2013-02-13 90223 2013-0317 Michael Hess
 Manager Change for Organic Groups Module for Drupal Username XSS
2013-01-23 89535 2013-0225 Klaus Purer
 User Relationships Module for Drupal Relationship Names Field XSS
2013-01-23 89570 2013-0224 Joris van Eijden
 Video Module for Drupal Temporary File Content Handling Remote Code Execution
2013-01-16 89308 2013-0207 Lee Rowlands
 Mark Complete Module for Drupal Unspecified CSRF
2013-01-16 89306 2013-0244 t.ashula
David Rothstein
 Drupal DOM Element Selection Unspecified XSS
2012-12-19 88526 2012-5655 Fox (hefox)
 Context Module for Drupal Crafted Request Block Content Disclosure
2012-12-19 88528 2012-5651 Derek Wright
 Drupal Search Results Blocked User Information Disclosure
2012-12-19 88527 2012-5652 Simon Rycroft
Damien Tournoud
 Drupal Upload File Information Disclosure
2012-11-28 87979 2012-5590 Fox
 Webmail Plus Module for Drupal Unspecified SQL Injection
2012-11-14 87407 2012-5556 Damien Tournoud
Klaus Purer
 RESTful Web Services Module for Drupal Unspecified CSRF
2012-10-24 87786 2012-5550 Dylan Riordan
Greg Knaddison
 Time Spent Module for Drupal Unspecified SQL Injection
2012-10-24 87785 2012-5548 Dylan Riordan
Greg Knaddison
 Time Spent Module for Drupal Unspecified XSS
2012-10-24 87784 2012-5549 Dylan Riordan
Greg Knaddison
 Time Spent Module for Drupal Unspecified CSRF
2012-10-17 86430 2012-4553 Heine Deelstra
Heine Deelstra
Noam Rathaus
 Drupal Reinstallation Arbitrary PHP Code Execution
2012-10-17 87780 2012-5547 Ivo Van Geertruyen
 Search API Module for Drupal Search Index Enabling CSRF
2012-10-10 86162 2012-5569 Hunter Fox
 Basic webmail Module for Drupal Emails XSS
2012-10-10 86163 2012-5570 Hunter Fox
 Basic webmail Module for Drupal Permission Weakness User Email Disclosure
2012-10-10 86164 2012-5569 Hunter Fox
 Basic webmail Module for Drupal Page Title XSS
2012-10-03 85892 2012-5542 Ivo Van Geertruyen
 Commerce extra panes Module for Drupal Pane Manipulation CSRF
2012-10-03 87776 2012-5540 Klaus Purer
 Hostip Module for Drupal Unspecified XSS
2012-09-08 85658 Klaus Purer
 PRH Search Module for Drupal PRH (Patentti- ja Rekisterihallitus) Database XSS
2012-09-04 85188 Greg Knaddison
 Heartbeat Module for Drupal Comment Posting CSRF
2012-08-29 85065 Derek Wright
John Pret
 Views Module for Drupal Global User Object Handling Remote Privilege Escalation
2012-08-28 85053 2012-4500 Michael Hess
 Announcements Module for Drupal Node Access Restriction Bypass
2012-08-28 85051 Klaus Purer
 Javascript Tool Module for Drupal File Name Verification File Access Restriction Bypass
2012-08-10 84748 2012-4497 Greg Knaddison
 Elegant Theme for Drupal 3 Slide Gallery Unspecified XSS
2012-08-08 84527 2012-4493 Klaus Purer
 Better Revisions Module for Drupal Unspecified XSS
2012-07-25 84251 2012-4486 Stella Power
 Subuser Module for Drupal Parent / Subuser Privilege Swap CSRF
2012-07-25 87213 2012-4487 Stella Power
 Subuser Module for Drupal 'Switch Subuser' Permission Check Weakness
2012-07-11 83718 2012-4474 Gerhard Killesreiter
 Colorbox Node Module for Drupal Unspecified Script Multiple Parameter XSS
2012-07-11 86879 2012-4482 Dylan Tack
 Ubercart SecureTrading Payment Method Module for Drupal Item Purchase Payment Bypass
2012-06-20 88144 2012-4468 Dave Reid
 Privatemsg Module for Drupal Private Message User Name XSS
2012-06-13 82957 2012-3798 Peter Wolanin
 Janrain Capture Module for Drupal Local User Account Creation Password Generation Brute Force Weakness
2012-06-13 82958 2012-2727 Peter Wolanin
 Janrain Capture Module for Drupal User Data Synchronization Arbitrary Site Redirect
2012-06-13 83032 2012-2728 Dylan Tack
 Node Hierarchy Module for Drupal Child Heirarchy Manipulation CSRF
2012-06-06 82727 2012-2720 John Morahan
 Tokenauth Module for Drupal User Session Reverting Weakness Request Privilege Escalation
2012-05-30 82434 2012-2716 Dylan Tack
 Comment Moderation Module for Drupal Comment Publishing CSRF
2012-05-30 82433 2012-2715 Peter Wolanin
Matt Chapman
 Amadou Theme for Drupal template.php themes_links() Function Link List Class Addition XSS
2012-05-23 82164 2012-2711 Dylan Wilder-Tack (grendzy)
 Taxonomy List Module for Drupal Taxonomy Term Manipulation Taxonomy Information XSS
2012-05-16 82006 2012-2705 coltrane
 Smart Breadcrumb Module for Drupal filter_titles() Function Title Field XSS
2012-05-16 82007 2012-2907
2012-2709		 Jakub Suchy
 Aberdeen Theme for Drupal template.php aberdeen_breadcrumb Function Content Title XSS
2012-05-16 83368 2012-2707 Ivo Van Geertruyen
 Hostmaster (Aegir) Module for Drupal Package/Task Exit Access Bypass Node Editing Weakness
2012-05-16 83369 2012-2710 Jakub Suchy
 Zen Module for Drupal Breadcrumb Content Title XSS
2012-05-09 81793 2012-2339
2012-2699		 Dylan Wilder-Tack (grendzy)
 Glossary Module for Drupal Taxonomy Information Unspecified XSS
2012-05-02 81679 2012-1589 Károly Négyesi
Katsuhiko Nakanishi
 Drupal Submitted Form Destination Validation Data Redirection Information Disclosure
2012-05-02 84332 2012-2308 Dylan Tack
 Taxonomy Grid : Catalog Module for Drupal Unspecified XSS
2012-05-02 84331 2012-2307 Michael Hess
 Addressbook Module for Drupal Unspecified CSRF
2012-05-02 84330 2012-2306 Michael Hess
 Addressbook Module for Drupal Unspecified SQL Injection
2012-04-25 81635 2012-2298 Gabor Szanto
Dave Reid
 RealName Module for Drupal User Real Name Unspecified XSS
2012-04-25 81555 2012-2302 Jakub Suchy
 Site Documentation (Sitedoc) Module for Drupal Site Structure Information Disclosure
2012-04-18 81203 2012-2116 Ivo Van Geertruyen
 Commerce Reorder Module for Drupal Shopping Cart Item Addition CSRF
2012-04-06 85233 2012-1635 Dave Reid
Adam Bramley
 Revisioning Module for Drupal hook_node_access Function Access Restriction Bypass
2012-04-04 80958 2012-2296 Peter Wolanin
 Janrain Engage Module for Drupal Sensitive Data Retention Weakness
2012-03-28 80669 2012-2075 Stella Power
 Contact Save Module for Drupal Unspecified XSS
2012-03-28 80673 2012-2070 Justin Klein Keane
 MultiBlock Module for Drupal Block Title XSS
2012-03-28 80677 2012-2074 Derek Wright
 Ubercart Views Module for Drupal Default View Information Disclosure
2012-03-28 80680 2012-2083 Jakub Suchy
Justin Emond
Rick Manelius
Abhishek Nagar
Chris Lee
 Fusion Theme for Drupal fusion_core/template.php fusion_core_preprocess_page() Function q Parameter XSS
2012-03-28 80684 2012-2080 Ivo Van Geertruyen
 Node Limit Number Module for Drupal Existing Limit Removal CSRF
2012-03-28 80685 2012-2154 Michael Hess
 CDN2 Video Module for Drupal Unspecified XSS
2012-03-28 80686 2012-2155 Michael Hess
 CDN2 Video Module for Drupal Form API Unspecified CSRF
2012-03-28 80674 2012-2071 Ivo Van Geertruyen
 Contact Forms Module for Drupal Page Title and Additional Information XSS
2012-03-28 80676 2012-2073 David Rothstein
 Bundle Copy Module for Drupal Use PHP for Settings Permission Weakness Remote PHP Code Execution
2012-03-28 80682 Justin Klein Keane
Ivo Van Geertruyen
 Activity Module for Drupal admin/settings/activity/commentactivity Multiple Parameter XSS
2012-03-28 80683 Justin Klein Keane
Ivo Van Geertruyen
 Activity Module for Drupal Activity Removal CSRF
2012-03-14 80079 2012-2066 Heine Deelstra
 CKEditor / FCKeditor Module for Drupal AJAX Callback Filter XSS Protection Bypass
2012-03-14 80080 2012-2067 Heine Deelstra
 CKEditor / FCKeditor Module for Drupal Unspecified PHP Code Execution
2012-03-14 80195 2012-2058 Dylan Tack
 Ubercart Payflow Link Module for Drupal Unspecified Payment Forgery Weakness
2012-03-14 80197 2012-2060 Ivo Van Geertruyen
 Admin tools Module for Drupal Unspecified XSS
2012-03-14 80196 2012-2061 Ivo Van Geertruyen
 Admin tools Module for Drupal Unspecified CSRF
2012-03-14 80137 2012-2063 Joshua Brauer
 Slidebox Module for Drupal Node Content Information Disclosure
2012-03-07 79853 2012-1659 Dylan Tack
 Node Recommendation Module for Drupal Unspecified XSS
2012-02-29 79712 2012-1648 Ivo Van Geertruyen
 Cool Aid Module for Drupal Custom Help Messages Unspecified XSS
2012-02-15 79317 2012-1645 Ivo Van Geertruyen
 CDN Module for Drupal PHP File Source Code Disclosure
2012-02-01 78746 2012-0826 Dylan Tack
 Drupal Aggregator Feed Update DoS CSRF
2012-02-01 78747 2012-0827 David Rothstein
Sascha Grossenbacher
 Drupal File Module Arbitrary File Access
2012-02-01 78817 2012-1056 Greg Knaddison
 Forward Module for Drupal Multiple Block Access Permission Weakness Node Title Disclosure
2012-02-01 79329 2012-1057 Greg Knaddison
 Forward Module for Drupal Node Ranking Increase CSRF
2012-01-25 78528 2012-1639 Ivo Van Geertruyen
 Drupal Commerce Module for Drupal Multiple Field XSS
2012-01-18 78450 2012-5233 Greg Knaddison
 stickynote Module for Drupal Note Editing XSS
2012-01-18 78451 2012-1636 Greg Knaddison
 stickynote Module for Drupal Note Deletion CSRF
2012-01-18 78366 Owen Barton
Michael Smith
 Quick Tabs Module for Drupal Tabbed Content Manipulation XSS
2012-01-11 78265 2012-1633 Greg Knaddison
 Password Policy Module for Drupal User Unblocking CSRF
2012-01-11 78261 2012-1626 Greg Knaddison
 Date Module for Drupal Event Module Date Field Node Conversion SQL Injection
2012-01-11 78266 2012-1632 Greg Knaddison
 Password Policy Module for Drupal Password Policy Creation Policy Name Field XSS
2012-01-11 85697 2012-1631 Ivo Van Geertruyen
 Admin:hover Module for Drupal Unspecified CSRF
2012-01-11 85695 2012-1629 Dylan Tack
 Taxotouch Module for Drupal Unspecified XSS
2012-01-11 85694 2012-1630 Dylan Tack
 Taxonomy Navigator Module for Drupal Unspecified XSS
2012-01-05 82463 Heine Deelstra
 CKEditor Module for Drupal Comment Preview XSS
2011-06-29 73640 PWolanin
 Secure Password Hashes (phpass) Module for Drupal Brute Force Password Reset Link Disclosure
2011-06-29 73641 PWolanin
 Secure Password Hashes (phpass) Module for Drupal Password Reset Link Persistence Password Manipulation
2011-05-25 72829 Heine Deelstra
 Drupal Error Handler URI XSS
2011-05-18 72408 Justin Klein Keane
 Webform Module for Drupal New Webform Field name Parameter XSS
2011-05-18 72409 Justin Klein Keane
 Webform Module for Drupal Webform File Upload Filename XSS
2011-04-27 72096 David Rothstein
 Save Draft Module for Drupal Form Action Validation Access Restriction Bypass
2011-03-23 71839 Dylan Wilder-Tack (grendzy)
 Webform Block Module for Drupal Webform Block Title Unspecified XSS
2011-03-16 71199 Greg Knaddison
 Tagadelic Module for Drupal Listing Pages Taxonomy XSS
2011-02-02 70764 Heine Deelstra
Peter Wolanin
 Droptor Module for Drupal Unspecified SQL Injection
2011-02-02 70768 Greg Knaddison
 Chatroom Module for Drupal Multiple Admin Function CSRF
2010-12-15 69999 mr.baileys
 Drupal for Firebug Module for Drupal Arbitrary PHP Code Execution CSRF
2010-12-08 69748 mr.baileys
 Who Bought What|Ubercart Module for Drupal Unspecified XSS
2010-12-08 69746 mr.baileys
 Who Bought What|Ubercart Module for Drupal Mode Access Restriction Bypass
2010-11-12 69235 recrit
catch
 Node Relativity Module for Drupal Unspecified CSRF
2010-11-12 69234 recrit
catch
 Node Relativity Module for Drupal Unspecified Node Information Disclosure
2010-11-10 69145 2010-4813 Dave Reid
 Category Tokens Module for Drupal Token Help Vocabulary Names XSS
2010-10-29 68925 Ivo Van Geertruyen
 Watcher Module for Drupal Unspecified XSS
2010-10-29 68926 Ivo Van Geertruyen
 Watcher Module for Drupal Multiple Function CSRF

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use