oss-sec mailing list archives

CVE Request for Drupal Contributed Modules


From: Joshua Brauer <joshua () brauerranch com>
Date: Thu, 4 Oct 2012 12:15:51 -0600


This is a batch CVE request for several already published/resolved issues with contributed modules for the Drupal project.

http://drupal.org/node/1679820 | SA-CONTRIB-2012-112 - Ubercart SecureTrading - Failure to follow guideline/specification
http://drupal.org/node/1679888 | SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass
http://drupal.org/node/1691446 | SA-CONTRIB-2012-114 - Campaign Monitor - Cross Site Scripting (XSS)
http://drupal.org/node/1700578 | SA-CONTRIB-2012-115 - Gallery formatter - Cross Site Scripting (XSS)


Multiple Vulnerabilities:
http://drupal.org/node/1700584 | SA-CONTRIB-2012-116 - Subuser - Cross Site Request Forgery (CSRF)
http://drupal.org/node/1700584 | SA-CONTRIB-2012-116 - Subuser - Access Bypass

http://drupal.org/node/1700588 | SA-CONTRIB-2012-117 - Location - Access Bypass
http://drupal.org/node/1700594 | SA-CONTRIB-2012-118 - Secure Login - Open Redirect
http://drupal.org/node/1708058 | SA-CONTRIB-2012-119 - Excluded Users - Cross Site Scripting (XSS)
http://drupal.org/node/1708198 | SA-CONTRIB-2012-120 - Monthly Archive by Node Type - Access Bypass
http://drupal.org/node/1719392 | SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS)
http://drupal.org/node/1719402 | SA-CONTRIB-2012-122 - Better Revisions - Cross Site Scripting (XSS)
http://drupal.org/node/1719462 | SA-CONTRIB-2012-123 - Shibboleth authentication - Access Bypass
http://drupal.org/node/1719482 | SA-CONTRIB-2012-124 - Mime Mail - Access Bypass



Multiple Vulnerabilities:
http://drupal.org/node/1719548 | SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Local File Inclusion
http://drupal.org/node/1719548 | SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Cross Site Scripting (XSS)

http://drupal.org/node/1732946 | SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS)
http://drupal.org/node/1732980 | SA-CONTRIB-2012-127 - Custom Publishing Options - Cross Site Scripting (XSS) Vulnerability
http://drupal.org/node/1733056 | SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS)
http://drupal.org/node/1762160 | SA-CONTRIB-2012-129 - Activism - Access Bypass



Multiple Vulnerabilities:
http://drupal.org/node/1762220 | SA-CONTRIB-2012-130 - Jstool - Access Bypass
http://drupal.org/node/1762220 | SA-CONTRIB-2012-130 - Jstool - Arbitrary code inclusion

http://drupal.org/node/1762470 | SA-CONTRIB-2012-131 - Email Field - Access Bypass
http://drupal.org/node/1762480 | SA-CONTRIB-2012-132 - Announcements - Access Bypass
http://drupal.org/node/1762482 | SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution


Thanks,
Josh - on behalf of the Drupal security team.




