oss-sec mailing list archives
CVEs for Drupal contributed modules - January 2015
From: Pere Orga <pere () orga cat>
Date: Thu, 29 Jan 2015 00:12:29 +0100
Hi I would like to ask CVEs for the following advisories of Drupal contributed modules: SA-CONTRIB-2015-001 - OPAC - Cross-Site Request Forgery (CSRF) https://www.drupal.org/node/2403313 SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS) https://www.drupal.org/node/2403333 SA-CONTRIB-2015-003 - PHPlist Integration Module - SQL Injection https://www.drupal.org/node/2403343 SA-CONTRIB-2015-004 - Context - Open Redirect https://www.drupal.org/node/2403351 SA-CONTRIB-2015-005 - WikiWiki - SQL injection https://www.drupal.org/node/2403375 SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - XSS SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - CSRF https://www.drupal.org/node/2403447 SA-CONTRIB-2015-007 - Htaccess - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403445 SA-CONTRIB-2015-008 - Batch Jobs - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403451 SA-CONTRIB-2015-009 - Linkit - Cross Site Scripting (XSS) https://www.drupal.org/node/2403459 SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403463 SA-CONTRIB-2015-011 - Todo Filter - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403465 SA-CONTRIB-2015-012 - Jammer - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2403487 SA-CONTRIB-2015-013 - Field Display Label - Cross Site Scripting (XSS) https://www.drupal.org/node/2403489 SA-CONTRIB-2015-014 - Wishlist - XSS SA-CONTRIB-2015-014 - Wishlist - CSRF https://www.drupal.org/node/2407313 SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS) https://www.drupal.org/node/2407315 SA-CONTRIB-2015-016 - Tadaa! - CSRF SA-CONTRIB-2015-016 - Tadaa! - Open Redirect https://www.drupal.org/node/2407321 SA-CONTRIB-2015-017 - Room Reservations - Cross Site Scripting (XSS) https://www.drupal.org/node/2407329 SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS) https://www.drupal.org/node/2407341 SA-CONTRIB-2015-019 - Ubercart Currency Conversion - Open Redirect https://www.drupal.org/node/2407347 SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2407357 SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS) https://www.drupal.org/node/2407395 SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS) https://www.drupal.org/node/2407401 SA-CONTRIB-2015-023 - Classified Ads - Cross Site Scripting (XSS) https://www.drupal.org/node/2411527 SA-CONTRIB-2015-024 - Alfresco - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2411523 SA-CONTRIB-2015-025 - Patterns - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2411539 SA-CONTRIB-2015-026 - Taxonews - Cross Site Scripting (XSS) https://www.drupal.org/node/2411573 SA-CONTRIB-2015-027 - Quizzler - Cross Site Scripting (XSS) https://www.drupal.org/node/2411579 SA-CONTRIB-2015-028 - Shibboleth Authentication - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2411737 SA-CONTRIB-2015-029 - Corner - Cross Site Request Forgery (CSRF) https://www.drupal.org/node/2411741 SA-CONTRIB-2015-030 - Amazon AWS - Access bypass https://www.drupal.org/node/2415873 SA-CONTRIB-2015-031 - GD Infinite Scroll - XSS SA-CONTRIB-2015-031 - GD Infinite Scroll - CSRF SA-CONTRIB-2015-031 - GD Infinite Scroll - Open Redirect https://www.drupal.org/node/2415885 SA-CONTRIB-2015-032 - Node Invite - XSS SA-CONTRIB-2015-032 - Node Invite - CSRF https://www.drupal.org/node/2415899 SA-CONTRIB-2015-033 - Certify - Access bypass SA-CONTRIB-2015-033 - Certify - Information disclosure https://www.drupal.org/node/2415947 Many thanks Pere Orga on behalf of the Drupal Security Team
Current thread:
- CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 28)
- Re: CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 29)
- Re: Re: CVEs for Drupal contributed modules - January 2015 Vasyl Kaigorodov (Jan 29)
- Re: CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 29)