oss-sec mailing list archives
CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)
From: Pere Orga <pere () orga cat>
Date: Sat, 25 Apr 2015 18:22:41 +0200
Hi Please can I have CVEs assigned to the following vulnerabilities: SA-CONTRIB-2015-034 - Commerce WeDeal - Open Redirect https://www.drupal.org/node/2420089 SA-CONTRIB-2015-035 - Ajax Timeline - Cross Site Scripting https://www.drupal.org/node/2420099 SA-CONTRIB-2015-036 - Public Download Count - Cross Site Scripting https://www.drupal.org/node/2420119 SA-CONTRIB-2015-037 - Path Breadcrumbs - Access Bypass https://www.drupal.org/node/2420139 SA-CONTRIB-2015-038 - Facebook Album Fetcher - Cross Site Scripting https://www.drupal.org/node/2420161 SA-CONTRIB-2015-039 - Views - Open Redirect SA-CONTRIB-2015-039 - Views - Access bypass https://www.drupal.org/node/2424403 SA-CONTRIB-2015-040 - Webform prepopulate block - Cross Site Scripting https://www.drupal.org/node/2424405 SA-CONTRIB-2015-041 - Feature Set - Cross Site Request Forgery https://www.drupal.org/node/2424409 SA-CONTRIB-2015-042 - Node basket - Cross Site Scripting SA-CONTRIB-2015-042 - Node basket - Cross Site Request Forgery SA-CONTRIB-2015-042 - Node basket - Open Redirect https://www.drupal.org/node/2424419 SA-CONTRIB-2015-043 - Commerce Balanced Payments - Cross Site Scripting SA-CONTRIB-2015-043 - Commerce Balanced Payments - Cross Site Request Forgery https://www.drupal.org/node/2424435 SA-CONTRIB-2015-044 - Taxonomy Path - Cross Site Scripting https://www.drupal.org/node/2424439 SA-CONTRIB-2015-045 - Node Access Product - Cross Site Scripting https://www.drupal.org/node/2424349 SA-CONTRIB-2015-046 - Taxonomy Tools - Cross Site Scripting https://www.drupal.org/node/2424355 SA-CONTRIB-2015-047 - Panopoly Magic - Cross Site Scripting https://www.drupal.org/node/2428799 SA-CONTRIB-2015-048 - Avatar Uploader - Arbitrary PHP code execution https://www.drupal.org/node/2428793 SA-CONTRIB-2015-049 - Navigate - Cross Site Scripting https://www.drupal.org/node/2428815 SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass https://www.drupal.org/node/2428851 SA-CONTRIB-2015-051 - Term Queue - Cross Site Scripting https://www.drupal.org/node/2428853 SA-CONTRIB-2015-052 - RESTful Web Services - Access Bypass https://www.drupal.org/node/2428863 SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting https://www.drupal.org/node/2437905 SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting https://www.drupal.org/node/2437943 SA-CONTRIB-2015-055 - Services single sign-on server helper - Open Redirect https://www.drupal.org/node/2437965 SA-CONTRIB-2015-056 - inLinks Integration - Cross Site Scripting https://www.drupal.org/node/2437969 SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities - SQL Injection SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities - Cross Site Request Forgery https://www.drupal.org/node/2437973 SA-CONTRIB-2015-058 - Spider Catalog - Cross Site Request Forgery https://www.drupal.org/node/2437977 SA-CONTRIB-2015-059 - Spider Video Player - Arbitrary file deletion SA-CONTRIB-2015-059 - Spider Video Player - Cross Site Request Forgery https://www.drupal.org/node/2437981 SA-CONTRIB-2015-060 - Custom Sitemap - Cross Site Request Forgery https://www.drupal.org/node/2437985 SA-CONTRIB-2015-061 - Ubercart Webform Integration - Cross Site Scripting https://www.drupal.org/node/2437991 SA-CONTRIB-2015-062 - Watchdog Aggregator - Cross Site Request Forgery https://www.drupal.org/node/2437993 SA-CONTRIB-2015-063 has already been requested in http://www.openwall.com/lists/oss-security/2015/03/22/35 SA-CONTRIB-2015-064 - Ubercart Discount Coupons - Cross Site Scripting https://www.drupal.org/node/2445953 SA-CONTRIB-2015-065 - Registration codes - Cross Site Scripting SA-CONTRIB-2015-065 - Registration codes - Cross Site Request Forgery https://www.drupal.org/node/2445955 SA-CONTRIB-2015-066 - Tracking Code - Cross Site Request Forgery https://www.drupal.org/node/2445961 SA-CONTRIB-2015-067 - Finder - Open Redirect https://www.drupal.org/node/2445967 SA-CONTRIB-2015-068 - Campaign Monitor - Cross Site Request Forgery https://www.drupal.org/node/2445971 SA-CONTRIB-2015-069 - Taxonomy Accordion - Cross Site Scripting https://www.drupal.org/node/2445973 SA-CONTRIB-2015-070 - Mover - Cross Site Scripting https://www.drupal.org/node/2445977 SA-CONTRIB-2015-071 - Simple Subscription - Cross Site Scripting https://www.drupal.org/node/2446019 SA-CONTRIB-2015-072 - Commerce Ogone - Access bypass https://www.drupal.org/node/2446051 SA-CONTRIB-2015-073 - Trick Question - Cross Site Scripting https://www.drupal.org/node/2446065 SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting https://www.drupal.org/node/2450387 SA-CONTRIB-2015-075 - Perfecto - Open Redirect https://www.drupal.org/node/2450391 SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting https://www.drupal.org/node/2450393 SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting https://www.drupal.org/node/2450427 SA-CONTRIB-2015-078 has already been requested in http://www.openwall.com/lists/oss-security/2015/03/22/35 SA-CONTRIB-2015-079 has already been requested in http://www.openwall.com/lists/oss-security/2015/03/22/35 SA-CONTRIB-2015-080 - Profile2 Privacy - Cross Site Scripting https://www.drupal.org/node/2455011 SA-CONTRIB-2015-081 - Petition - Cross Site Scripting https://www.drupal.org/node/2459311 SA-CONTRIB-2015-082 - Crumbs - Cross Site Scripting https://www.drupal.org/node/2459315 SA-CONTRIB-2015-083 - Webform Multiple File Upload - Cross Site Request Forgery https://www.drupal.org/node/2459323 SA-CONTRIB-2015-084 - Linear Case - Cross Site Scripting https://www.drupal.org/node/2459327 SA-CONTRIB-2015-085 - Invoice - Cross Site Scripting SA-CONTRIB-2015-085 - Invoice - Cross Site Request Forgery https://www.drupal.org/node/2459337 SA-CONTRIB-2015-086 - Decisions - Cross Site Request Forgery https://www.drupal.org/node/2459349 SA-CONTRIB-2015-087 - Ubercart Webform Checkout Pane - Cross Site Scripting https://www.drupal.org/node/2459359 SA-CONTRIB-2015-088 - Imagefield Info - Cross Site Scripting https://www.drupal.org/node/2463823 SA-CONTRIB-2015-089 - EntityBulkDelete - Cross Site Scripting https://www.drupal.org/node/2463831 SA-CONTRIB-2015-090 - Password Policy - Cross Site Scripting https://www.drupal.org/node/2463835 SA-CONTRIB-2015-091 - Current Search Links - Cross Site Scripting https://www.drupal.org/node/2463843 SA-CONTRIB-2015-092 - Open Graph Importer - Access bypass https://www.drupal.org/node/2463891 SA-CONTRIB-2015-093 - User Import - Cross Site Request Forgery https://www.drupal.org/node/2463949 SA-CONTRIB-2015-094 - CiviCRM private report - Cross Site Request Forgery https://www.drupal.org/node/2467697 SA-CONTRIB-2015-095 - Display Suite - Cross Site Scripting https://www.drupal.org/node/2471733 SA-CONTRIB-2015-096 - Services - Access bypass (file upload and execution) SA-CONTRIB-2015-096 - Services - Information Disclosure https://www.drupal.org/node/2471879 SA-CONTRIB-2015-097 - HybridAuth Social Login - Information Disclosure https://www.drupal.org/node/2475943 SA-CONTRIB-2015-098 - Keyword Research - Cross Site Request Forgery https://www.drupal.org/node/2475953 SA-CONTRIB-2015-099 - Node Template - Cross Site Scripting https://www.drupal.org/node/2475955 Thanks Regards Pere Orga on behalf of the Drupal Security Team
Current thread:
- CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099) Pere Orga (Apr 25)