oss-sec mailing list archives
CVE Request for Drupal Contributed Modules
From: Joshua Brauer <joshua () brauerranch com>
Date: Thu, 4 Oct 2012 12:15:51 -0600
This is a batch CVE request for several already published/resolved issues with contributed modules for the Drupal project. http://drupal.org/node/1679820 | SA-CONTRIB-2012-112 - Ubercart SecureTrading - Failure to follow guideline/specification http://drupal.org/node/1679888 | SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass http://drupal.org/node/1691446 | SA-CONTRIB-2012-114 - Campaign Monitor - Cross Site Scripting (XSS) http://drupal.org/node/1700578 | SA-CONTRIB-2012-115 - Gallery formatter - Cross Site Scripting (XSS) Multiple Vulnerabilities: http://drupal.org/node/1700584 | SA-CONTRIB-2012-116 - Subuser - Cross Site Request Forgery (CSRF) http://drupal.org/node/1700584 | SA-CONTRIB-2012-116 - Subuser - Access Bypass http://drupal.org/node/1700588 | SA-CONTRIB-2012-117 - Location - Access Bypass http://drupal.org/node/1700594 | SA-CONTRIB-2012-118 - Secure Login - Open Redirect http://drupal.org/node/1708058 | SA-CONTRIB-2012-119 - Excluded Users - Cross Site Scripting (XSS) http://drupal.org/node/1708198 | SA-CONTRIB-2012-120 - Monthly Archive by Node Type - Access Bypass http://drupal.org/node/1719392 | SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS) http://drupal.org/node/1719402 | SA-CONTRIB-2012-122 - Better Revisions - Cross Site Scripting (XSS) http://drupal.org/node/1719462 | SA-CONTRIB-2012-123 - Shibboleth authentication - Access Bypass http://drupal.org/node/1719482 | SA-CONTRIB-2012-124 - Mime Mail - Access Bypass Multiple Vulnerabilities: http://drupal.org/node/1719548 | SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Local File Inclusion http://drupal.org/node/1719548 | SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Cross Site Scripting (XSS) http://drupal.org/node/1732946 | SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS) http://drupal.org/node/1732980 | SA-CONTRIB-2012-127 - Custom Publishing Options - Cross Site Scripting (XSS) Vulnerability http://drupal.org/node/1733056 | SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS) http://drupal.org/node/1762160 | SA-CONTRIB-2012-129 - Activism - Access Bypass Multiple Vulnerabilities: http://drupal.org/node/1762220 | SA-CONTRIB-2012-130 - Jstool - Access Bypass http://drupal.org/node/1762220 | SA-CONTRIB-2012-130 - Jstool - Arbitrary code inclusion http://drupal.org/node/1762470 | SA-CONTRIB-2012-131 - Email Field - Access Bypass http://drupal.org/node/1762480 | SA-CONTRIB-2012-132 - Announcements - Access Bypass http://drupal.org/node/1762482 | SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution Thanks, Josh - on behalf of the Drupal security team.
Current thread:
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- <Possible follow-ups>
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Steven M. Christey (Oct 31)
- Re: CVE Request for Drupal Contributed Modules Greg Knaddison (Nov 05)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- CVE Request for Drupal Contributed Modules Forest Monsen (Nov 17)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 25)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)