oss-security - CVE Request for Drupal Contributed Modules

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Thu, 4 Oct 2012 12:15:51 -0600
From: Joshua Brauer <joshua@...uerranch.com>
To: kseifried@...hat.com,
 oss-security@...ts.openwall.com
Subject: CVE Request for Drupal Contributed Modules


This is a batch CVE request for several already published/resolved issues with contributed modules for the Drupal project.

http://drupal.org/node/1679820 | SA-CONTRIB-2012-112 - Ubercart SecureTrading - Failure to follow guideline/specification
http://drupal.org/node/1679888 | SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass
http://drupal.org/node/1691446 | SA-CONTRIB-2012-114 - Campaign Monitor - Cross Site Scripting (XSS)
http://drupal.org/node/1700578 | SA-CONTRIB-2012-115 - Gallery formatter - Cross Site Scripting (XSS)


Multiple Vulnerabilities:
http://drupal.org/node/1700584 | SA-CONTRIB-2012-116 - Subuser - Cross Site Request Forgery (CSRF)
http://drupal.org/node/1700584 | SA-CONTRIB-2012-116 - Subuser - Access Bypass

http://drupal.org/node/1700588 | SA-CONTRIB-2012-117 - Location - Access Bypass
http://drupal.org/node/1700594 | SA-CONTRIB-2012-118 - Secure Login - Open Redirect
http://drupal.org/node/1708058 | SA-CONTRIB-2012-119 - Excluded Users - Cross Site Scripting (XSS)
http://drupal.org/node/1708198 | SA-CONTRIB-2012-120 - Monthly Archive by Node Type - Access Bypass
http://drupal.org/node/1719392 | SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS)
http://drupal.org/node/1719402 | SA-CONTRIB-2012-122 - Better Revisions - Cross Site Scripting (XSS)
http://drupal.org/node/1719462 | SA-CONTRIB-2012-123 - Shibboleth authentication - Access Bypass
http://drupal.org/node/1719482 | SA-CONTRIB-2012-124 - Mime Mail - Access Bypass



Multiple Vulnerabilities:
http://drupal.org/node/1719548 | SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Local File Inclusion
http://drupal.org/node/1719548 | SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Cross Site Scripting (XSS)

http://drupal.org/node/1732946 | SA-CONTRIB-2012-126 - Hotblocks - Cross Site Scripting (XSS) and Denial of Service (DoS)
http://drupal.org/node/1732980 | SA-CONTRIB-2012-127 - Custom Publishing Options - Cross Site Scripting (XSS) Vulnerability
http://drupal.org/node/1733056 | SA-CONTRIB-2012-128 - Elegant Theme - Cross Site Scripting (XSS)
http://drupal.org/node/1762160 | SA-CONTRIB-2012-129 - Activism - Access Bypass



Multiple Vulnerabilities:
http://drupal.org/node/1762220 | SA-CONTRIB-2012-130 - Jstool - Access Bypass
http://drupal.org/node/1762220 | SA-CONTRIB-2012-130 - Jstool - Arbitrary code inclusion

http://drupal.org/node/1762470 | SA-CONTRIB-2012-131 - Email Field - Access Bypass
http://drupal.org/node/1762480 | SA-CONTRIB-2012-132 - Announcements - Access Bypass
http://drupal.org/node/1762482 | SA-CONTRIB-2012-133 - Taxonomy Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution


Thanks,
Josh - on behalf of the Drupal security team.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.