Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 25 Apr 2015 18:22:41 +0200
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com, Security Team <security@...pal.org>
Subject: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034
 to SA-CONTRIB-2015-099)

Hi

Please can I have CVEs assigned to the following vulnerabilities:

SA-CONTRIB-2015-034 - Commerce WeDeal - Open Redirect
https://www.drupal.org/node/2420089

SA-CONTRIB-2015-035 - Ajax Timeline - Cross Site Scripting
https://www.drupal.org/node/2420099

SA-CONTRIB-2015-036 - Public Download Count - Cross Site Scripting
https://www.drupal.org/node/2420119

SA-CONTRIB-2015-037 - Path Breadcrumbs - Access Bypass
https://www.drupal.org/node/2420139

SA-CONTRIB-2015-038 - Facebook Album Fetcher - Cross Site Scripting
https://www.drupal.org/node/2420161

SA-CONTRIB-2015-039 - Views - Open Redirect
SA-CONTRIB-2015-039 - Views - Access bypass
https://www.drupal.org/node/2424403

SA-CONTRIB-2015-040 - Webform prepopulate block - Cross Site Scripting
https://www.drupal.org/node/2424405

SA-CONTRIB-2015-041 - Feature Set - Cross Site Request Forgery
https://www.drupal.org/node/2424409

SA-CONTRIB-2015-042 - Node basket - Cross Site Scripting
SA-CONTRIB-2015-042 - Node basket - Cross Site Request Forgery
SA-CONTRIB-2015-042 - Node basket - Open Redirect
https://www.drupal.org/node/2424419

SA-CONTRIB-2015-043 - Commerce Balanced Payments - Cross Site Scripting
SA-CONTRIB-2015-043 - Commerce Balanced Payments - Cross Site Request Forgery
https://www.drupal.org/node/2424435

SA-CONTRIB-2015-044 - Taxonomy Path - Cross Site Scripting
https://www.drupal.org/node/2424439

SA-CONTRIB-2015-045 - Node Access Product - Cross Site Scripting
https://www.drupal.org/node/2424349

SA-CONTRIB-2015-046 - Taxonomy Tools - Cross Site Scripting
https://www.drupal.org/node/2424355

SA-CONTRIB-2015-047 - Panopoly Magic - Cross Site Scripting
https://www.drupal.org/node/2428799

SA-CONTRIB-2015-048 - Avatar Uploader - Arbitrary PHP code execution
https://www.drupal.org/node/2428793

SA-CONTRIB-2015-049 - Navigate - Cross Site Scripting
https://www.drupal.org/node/2428815

SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass
https://www.drupal.org/node/2428851

SA-CONTRIB-2015-051 - Term Queue - Cross Site Scripting
https://www.drupal.org/node/2428853

SA-CONTRIB-2015-052 - RESTful Web Services - Access Bypass
https://www.drupal.org/node/2428863

SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting
https://www.drupal.org/node/2437905

SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting
https://www.drupal.org/node/2437943

SA-CONTRIB-2015-055 - Services single sign-on server helper - Open Redirect
https://www.drupal.org/node/2437965

SA-CONTRIB-2015-056 - inLinks Integration - Cross Site Scripting
https://www.drupal.org/node/2437969

SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities - SQL Injection
SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities -
Cross Site Request Forgery
https://www.drupal.org/node/2437973

SA-CONTRIB-2015-058 - Spider Catalog - Cross Site Request Forgery
https://www.drupal.org/node/2437977

SA-CONTRIB-2015-059 - Spider Video Player - Arbitrary file deletion
SA-CONTRIB-2015-059 - Spider Video Player - Cross Site Request Forgery
https://www.drupal.org/node/2437981

SA-CONTRIB-2015-060 - Custom Sitemap - Cross Site Request Forgery
https://www.drupal.org/node/2437985

SA-CONTRIB-2015-061 - Ubercart Webform Integration - Cross Site Scripting
https://www.drupal.org/node/2437991

SA-CONTRIB-2015-062 - Watchdog Aggregator - Cross Site Request Forgery
https://www.drupal.org/node/2437993

SA-CONTRIB-2015-063 has already been requested in
http://www.openwall.com/lists/oss-security/2015/03/22/35

SA-CONTRIB-2015-064 - Ubercart Discount Coupons - Cross Site Scripting
https://www.drupal.org/node/2445953

SA-CONTRIB-2015-065 - Registration codes - Cross Site Scripting
SA-CONTRIB-2015-065 - Registration codes - Cross Site Request Forgery
https://www.drupal.org/node/2445955

SA-CONTRIB-2015-066 - Tracking Code - Cross Site Request Forgery
https://www.drupal.org/node/2445961

SA-CONTRIB-2015-067 - Finder - Open Redirect
https://www.drupal.org/node/2445967

SA-CONTRIB-2015-068 - Campaign Monitor - Cross Site Request Forgery
https://www.drupal.org/node/2445971

SA-CONTRIB-2015-069 - Taxonomy Accordion - Cross Site Scripting
https://www.drupal.org/node/2445973

SA-CONTRIB-2015-070 - Mover - Cross Site Scripting
https://www.drupal.org/node/2445977

SA-CONTRIB-2015-071 - Simple Subscription - Cross Site Scripting
https://www.drupal.org/node/2446019

SA-CONTRIB-2015-072 - Commerce Ogone - Access bypass
https://www.drupal.org/node/2446051

SA-CONTRIB-2015-073 - Trick Question - Cross Site Scripting
https://www.drupal.org/node/2446065

SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting
https://www.drupal.org/node/2450387

SA-CONTRIB-2015-075 - Perfecto - Open Redirect
https://www.drupal.org/node/2450391

SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting
https://www.drupal.org/node/2450393

SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting
https://www.drupal.org/node/2450427

SA-CONTRIB-2015-078 has already been requested in
http://www.openwall.com/lists/oss-security/2015/03/22/35

SA-CONTRIB-2015-079 has already been requested in
http://www.openwall.com/lists/oss-security/2015/03/22/35

SA-CONTRIB-2015-080 - Profile2 Privacy - Cross Site Scripting
https://www.drupal.org/node/2455011

SA-CONTRIB-2015-081 - Petition - Cross Site Scripting
https://www.drupal.org/node/2459311

SA-CONTRIB-2015-082 - Crumbs - Cross Site Scripting
https://www.drupal.org/node/2459315

SA-CONTRIB-2015-083 - Webform Multiple File Upload - Cross Site Request Forgery
https://www.drupal.org/node/2459323

SA-CONTRIB-2015-084 - Linear Case - Cross Site Scripting
https://www.drupal.org/node/2459327

SA-CONTRIB-2015-085 - Invoice - Cross Site Scripting
SA-CONTRIB-2015-085 - Invoice - Cross Site Request Forgery
https://www.drupal.org/node/2459337

SA-CONTRIB-2015-086 - Decisions - Cross Site Request Forgery
https://www.drupal.org/node/2459349

SA-CONTRIB-2015-087 - Ubercart Webform Checkout Pane - Cross Site Scripting
https://www.drupal.org/node/2459359

SA-CONTRIB-2015-088 - Imagefield Info - Cross Site Scripting
https://www.drupal.org/node/2463823

SA-CONTRIB-2015-089 - EntityBulkDelete - Cross Site Scripting
https://www.drupal.org/node/2463831

SA-CONTRIB-2015-090 - Password Policy - Cross Site Scripting
https://www.drupal.org/node/2463835

SA-CONTRIB-2015-091 - Current Search Links - Cross Site Scripting
https://www.drupal.org/node/2463843

SA-CONTRIB-2015-092 - Open Graph Importer - Access bypass
https://www.drupal.org/node/2463891

SA-CONTRIB-2015-093 - User Import - Cross Site Request Forgery
https://www.drupal.org/node/2463949

SA-CONTRIB-2015-094 - CiviCRM private report - Cross Site Request Forgery
https://www.drupal.org/node/2467697

SA-CONTRIB-2015-095 - Display Suite - Cross Site Scripting
https://www.drupal.org/node/2471733

SA-CONTRIB-2015-096 - Services - Access bypass (file upload and execution)
SA-CONTRIB-2015-096 - Services - Information Disclosure
https://www.drupal.org/node/2471879

SA-CONTRIB-2015-097 - HybridAuth Social Login - Information Disclosure
https://www.drupal.org/node/2475943

SA-CONTRIB-2015-098 - Keyword Research - Cross Site Request Forgery
https://www.drupal.org/node/2475953

SA-CONTRIB-2015-099 - Node Template - Cross Site Scripting
https://www.drupal.org/node/2475955

Thanks

Regards
Pere Orga on behalf of the Drupal Security Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.