Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 4 Jul 2015 21:55:06 +0200
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com
Cc: Security Team <security@...pal.org>
Subject: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100
 to SA-CONTRIB-2015-131)

Hi

Please can I have CVEs assigned to the following vulnerabilities:

Camtasia Relay - Cross Site Scripting (XSS) - SA-CONTRIB-2015-100
https://www.drupal.org/node/2480241

MailChimp - Cross Site Scripting (XSS) - SA-CONTRIB-2015-101
https://www.drupal.org/node/2480253

Smart Trim - Cross Site Scripting (XSS) - SA-CONTRIB-2015-102
https://www.drupal.org/node/2480321

Views - Access Bypass - SA-CONTRIB-2015-103
https://www.drupal.org/node/2480327

Dynamic display block - Access bypass - SA-CONTRIB-2015-104
https://www.drupal.org/node/2484157

Video Consultation - Cross Site Scripting (XSS) - SA-CONTRIB-2015-105
https://www.drupal.org/node/2484195

Entityform Block - Access Bypass - SA-CONTRIB-2015-106
https://www.drupal.org/node/2484169

Webform Matrix Component - Cross Site Scripting (XSS) - SA-CONTRIB-2015-107
https://www.drupal.org/node/2484231

Mobile sliding menu - Cross Site Scripting (XSS) - SA-CONTRIB-2015-108
https://www.drupal.org/node/2484233

pass2pdf - Information Disclosure - SA-CONTRIB-2015-109
https://www.drupal.org/node/2492205

Web Links - Cross Site Scripting (XSS) - SA-CONTRIB-2015-110
https://www.drupal.org/node/2492209

Shipwire - Cross Site Scripting (XSS) - SA-CONTRIB-2015-111
https://www.drupal.org/node/2492243

Navigate - Access Bypass - SA-CONTRIB-2015-112
Navigate - Cross-site scripting - SA-CONTRIB-2015-112
https://www.drupal.org/node/2492245

Aegir - Code Execution Prevention - SA-CONTRIB-2015-113
https://www.drupal.org/node/2492317

Storage API - Access Bypass - SA-CONTRIB-2015-114
https://www.drupal.org/node/2495903

Chamilo integration - Open Redirect - SA-CONTRIB-2015-115
https://www.drupal.org/node/2495931

Novalnet Payment Module Ubercart - SQL Injection - SA-CONTRIB-2015-116
https://www.drupal.org/node/2499787

Novalnet Payment Module Drupal Commerce - SQL Injection - SA-CONTRIB-2015-117
https://www.drupal.org/node/2499791

HTTP Strict Transport Security - Logical Error - SA-CONTRIB-2015-118
https://www.drupal.org/node/2507563

Apache Solr Real-Time - Access Bypass - SA-CONTRIB-2015-119
https://www.drupal.org/node/2507581

Inline Entity Form - Cross Site Scripting (XSS) - SA-CONTRIB-2015-120
https://www.drupal.org/node/2507605

The eXtensible Catalog (XC) Drupal Toolkit - Cross Site Request
Forgery (CSRF) - SA-CONTRIB-2015-121
https://www.drupal.org/node/2507619

Administration Views - Access Bypass - SA-CONTRIB-2015-122
https://www.drupal.org/node/250764

jQuery Update - Open Redirect - SA-CONTRIB-2015-123
https://www.drupal.org/node/2507729

LABjs - Open Redirect - SA-CONTRIB-2015-124
https://www.drupal.org/node/2507735

Acquia Cloud Site Factory Connector - Open Redirect - SA-CONTRIB-2015-125
https://www.drupal.org/node/2507741

Content Construction Kit (CCK) - Open Redirect - SA-CONTRIB-2015-126
https://www.drupal.org/node/2507753

HybridAuth Social Login - Access bypass - SA-CONTRIB-2015-127
https://www.drupal.org/node/2511410

me aliases - Access Bypass - SA-CONTRIB-2015-128
https://www.drupal.org/node/2511424

Shibboleth authentication - Cross Site Scripting (XSS) - SA-CONTRIB-2015-129
https://www.drupal.org/node/2511518

Migrate - Cross Site Scripting (XSS) - SA-CONTRIB-2015-130
https://www.drupal.org/node/2516678

Views Bulk Operations - Access Bypass - SA-CONTRIB-2015-131
https://www.drupal.org/node/2516688

Regards
Pere Orga on behalf of the Drupal Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ