Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 25 Apr 2015 18:22:41 +0200
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com, Security Team <security@...pal.org>
Subject: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034
 to SA-CONTRIB-2015-099)

Hi

Please can I have CVEs assigned to the following vulnerabilities:

SA-CONTRIB-2015-034 - Commerce WeDeal - Open Redirect
https://www.drupal.org/node/2420089

SA-CONTRIB-2015-035 - Ajax Timeline - Cross Site Scripting
https://www.drupal.org/node/2420099

SA-CONTRIB-2015-036 - Public Download Count - Cross Site Scripting
https://www.drupal.org/node/2420119

SA-CONTRIB-2015-037 - Path Breadcrumbs - Access Bypass
https://www.drupal.org/node/2420139

SA-CONTRIB-2015-038 - Facebook Album Fetcher - Cross Site Scripting
https://www.drupal.org/node/2420161

SA-CONTRIB-2015-039 - Views - Open Redirect
SA-CONTRIB-2015-039 - Views - Access bypass
https://www.drupal.org/node/2424403

SA-CONTRIB-2015-040 - Webform prepopulate block - Cross Site Scripting
https://www.drupal.org/node/2424405

SA-CONTRIB-2015-041 - Feature Set - Cross Site Request Forgery
https://www.drupal.org/node/2424409

SA-CONTRIB-2015-042 - Node basket - Cross Site Scripting
SA-CONTRIB-2015-042 - Node basket - Cross Site Request Forgery
SA-CONTRIB-2015-042 - Node basket - Open Redirect
https://www.drupal.org/node/2424419

SA-CONTRIB-2015-043 - Commerce Balanced Payments - Cross Site Scripting
SA-CONTRIB-2015-043 - Commerce Balanced Payments - Cross Site Request Forgery
https://www.drupal.org/node/2424435

SA-CONTRIB-2015-044 - Taxonomy Path - Cross Site Scripting
https://www.drupal.org/node/2424439

SA-CONTRIB-2015-045 - Node Access Product - Cross Site Scripting
https://www.drupal.org/node/2424349

SA-CONTRIB-2015-046 - Taxonomy Tools - Cross Site Scripting
https://www.drupal.org/node/2424355

SA-CONTRIB-2015-047 - Panopoly Magic - Cross Site Scripting
https://www.drupal.org/node/2428799

SA-CONTRIB-2015-048 - Avatar Uploader - Arbitrary PHP code execution
https://www.drupal.org/node/2428793

SA-CONTRIB-2015-049 - Navigate - Cross Site Scripting
https://www.drupal.org/node/2428815

SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass
https://www.drupal.org/node/2428851

SA-CONTRIB-2015-051 - Term Queue - Cross Site Scripting
https://www.drupal.org/node/2428853

SA-CONTRIB-2015-052 - RESTful Web Services - Access Bypass
https://www.drupal.org/node/2428863

SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting
https://www.drupal.org/node/2437905

SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting
https://www.drupal.org/node/2437943

SA-CONTRIB-2015-055 - Services single sign-on server helper - Open Redirect
https://www.drupal.org/node/2437965

SA-CONTRIB-2015-056 - inLinks Integration - Cross Site Scripting
https://www.drupal.org/node/2437969

SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities - SQL Injection
SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities -
Cross Site Request Forgery
https://www.drupal.org/node/2437973

SA-CONTRIB-2015-058 - Spider Catalog - Cross Site Request Forgery
https://www.drupal.org/node/2437977

SA-CONTRIB-2015-059 - Spider Video Player - Arbitrary file deletion
SA-CONTRIB-2015-059 - Spider Video Player - Cross Site Request Forgery
https://www.drupal.org/node/2437981

SA-CONTRIB-2015-060 - Custom Sitemap - Cross Site Request Forgery
https://www.drupal.org/node/2437985

SA-CONTRIB-2015-061 - Ubercart Webform Integration - Cross Site Scripting
https://www.drupal.org/node/2437991

SA-CONTRIB-2015-062 - Watchdog Aggregator - Cross Site Request Forgery
https://www.drupal.org/node/2437993

SA-CONTRIB-2015-063 has already been requested in
http://www.openwall.com/lists/oss-security/2015/03/22/35

SA-CONTRIB-2015-064 - Ubercart Discount Coupons - Cross Site Scripting
https://www.drupal.org/node/2445953

SA-CONTRIB-2015-065 - Registration codes - Cross Site Scripting
SA-CONTRIB-2015-065 - Registration codes - Cross Site Request Forgery
https://www.drupal.org/node/2445955

SA-CONTRIB-2015-066 - Tracking Code - Cross Site Request Forgery
https://www.drupal.org/node/2445961

SA-CONTRIB-2015-067 - Finder - Open Redirect
https://www.drupal.org/node/2445967

SA-CONTRIB-2015-068 - Campaign Monitor - Cross Site Request Forgery
https://www.drupal.org/node/2445971

SA-CONTRIB-2015-069 - Taxonomy Accordion - Cross Site Scripting
https://www.drupal.org/node/2445973

SA-CONTRIB-2015-070 - Mover - Cross Site Scripting
https://www.drupal.org/node/2445977

SA-CONTRIB-2015-071 - Simple Subscription - Cross Site Scripting
https://www.drupal.org/node/2446019

SA-CONTRIB-2015-072 - Commerce Ogone - Access bypass
https://www.drupal.org/node/2446051

SA-CONTRIB-2015-073 - Trick Question - Cross Site Scripting
https://www.drupal.org/node/2446065

SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting
https://www.drupal.org/node/2450387

SA-CONTRIB-2015-075 - Perfecto - Open Redirect
https://www.drupal.org/node/2450391

SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting
https://www.drupal.org/node/2450393

SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting
https://www.drupal.org/node/2450427

SA-CONTRIB-2015-078 has already been requested in
http://www.openwall.com/lists/oss-security/2015/03/22/35

SA-CONTRIB-2015-079 has already been requested in
http://www.openwall.com/lists/oss-security/2015/03/22/35

SA-CONTRIB-2015-080 - Profile2 Privacy - Cross Site Scripting
https://www.drupal.org/node/2455011

SA-CONTRIB-2015-081 - Petition - Cross Site Scripting
https://www.drupal.org/node/2459311

SA-CONTRIB-2015-082 - Crumbs - Cross Site Scripting
https://www.drupal.org/node/2459315

SA-CONTRIB-2015-083 - Webform Multiple File Upload - Cross Site Request Forgery
https://www.drupal.org/node/2459323

SA-CONTRIB-2015-084 - Linear Case - Cross Site Scripting
https://www.drupal.org/node/2459327

SA-CONTRIB-2015-085 - Invoice - Cross Site Scripting
SA-CONTRIB-2015-085 - Invoice - Cross Site Request Forgery
https://www.drupal.org/node/2459337

SA-CONTRIB-2015-086 - Decisions - Cross Site Request Forgery
https://www.drupal.org/node/2459349

SA-CONTRIB-2015-087 - Ubercart Webform Checkout Pane - Cross Site Scripting
https://www.drupal.org/node/2459359

SA-CONTRIB-2015-088 - Imagefield Info - Cross Site Scripting
https://www.drupal.org/node/2463823

SA-CONTRIB-2015-089 - EntityBulkDelete - Cross Site Scripting
https://www.drupal.org/node/2463831

SA-CONTRIB-2015-090 - Password Policy - Cross Site Scripting
https://www.drupal.org/node/2463835

SA-CONTRIB-2015-091 - Current Search Links - Cross Site Scripting
https://www.drupal.org/node/2463843

SA-CONTRIB-2015-092 - Open Graph Importer - Access bypass
https://www.drupal.org/node/2463891

SA-CONTRIB-2015-093 - User Import - Cross Site Request Forgery
https://www.drupal.org/node/2463949

SA-CONTRIB-2015-094 - CiviCRM private report - Cross Site Request Forgery
https://www.drupal.org/node/2467697

SA-CONTRIB-2015-095 - Display Suite - Cross Site Scripting
https://www.drupal.org/node/2471733

SA-CONTRIB-2015-096 - Services - Access bypass (file upload and execution)
SA-CONTRIB-2015-096 - Services - Information Disclosure
https://www.drupal.org/node/2471879

SA-CONTRIB-2015-097 - HybridAuth Social Login - Information Disclosure
https://www.drupal.org/node/2475943

SA-CONTRIB-2015-098 - Keyword Research - Cross Site Request Forgery
https://www.drupal.org/node/2475953

SA-CONTRIB-2015-099 - Node Template - Cross Site Scripting
https://www.drupal.org/node/2475955

Thanks

Regards
Pere Orga on behalf of the Drupal Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ