oss-sec mailing list archives

CVE Request for Drupal Contributed Modules

From: Joshua Brauer <joshua () brauerranch com>
Date: Wed, 3 Oct 2012 18:06:22 -0600


This is a batch CVE request for several already published/resolved issues with contributed modules for the Drupal 
project.

http://drupal.org/node/1649346 | SA-CONTRIB-2012-104 - Privatemsg - Cross Site Scripting (XSS)
http://drupal.org/node/1663306 | SA-CONTRIB-2012-105 - Hashcash - Cross Site Scripting (XSS)
http://drupal.org/node/1679412 | SA-CONTRIB-2012-106 - Listhandler - Access Bypass
http://drupal.org/node/1679422 | SA-CONTRIB-2012-107 - Search autocomplete - Access bypass
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Arbitrary PHP code execution
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Cross Site Scripting
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Access bypass
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - Cross Site Request Forgery
http://drupal.org/node/1679442 | SA-CONTRIB-2012-108 - Drag & Drop Gallery - SQL Injection
http://drupal.org/node/1679466 | SA-CONTRIB-2012-109 - Restrict node page view - Access bypass
http://drupal.org/node/1679486 | SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)
http://drupal.org/node/1679532 | SA-CONTRIB-2012-111 - Security Questions - Access Bypass

Thanks,
Josh - on behalf of the Drupal security team.

Current thread:

CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
  - Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
    - Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- <Possible follow-ups>
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)
  - Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
    - Re: CVE Request for Drupal Contributed Modules Steven M. Christey (Oct 31)
    - Re: CVE Request for Drupal Contributed Modules Greg Knaddison (Nov 05)
- CVE Request for Drupal Contributed Modules Forest Monsen (Nov 17)
  - Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
    - Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 20)

(Thread continues...)