Message-ID: <CAMYtjAr1rZsHY0u0P3s1mnwb7VcFybNnP8JrGD268x06P=+0-g@mail.gmail.com>
Date: Sat, 25 Apr 2015 18:22:41 +0200
From: Pere Orga <pere@...a.cat>
To: oss-security@...ts.openwall.com, Security Team <security@...pal.org>
Subject: CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)

Hi

Please can I have CVEs assigned to the following vulnerabilities:

SA-CONTRIB-2015-034 - Commerce WeDeal - Open Redirect
https://www.drupal.org/node/2420089

SA-CONTRIB-2015-035 - Ajax Timeline - Cross Site Scripting
https://www.drupal.org/node/2420099

SA-CONTRIB-2015-036 - Public Download Count - Cross Site Scripting
https://www.drupal.org/node/2420119

SA-CONTRIB-2015-037 - Path Breadcrumbs - Access Bypass
https://www.drupal.org/node/2420139

SA-CONTRIB-2015-038 - Facebook Album Fetcher - Cross Site Scripting
https://www.drupal.org/node/2420161

SA-CONTRIB-2015-039 - Views - Open Redirect
SA-CONTRIB-2015-039 - Views - Access bypass
https://www.drupal.org/node/2424403

SA-CONTRIB-2015-040 - Webform prepopulate block - Cross Site Scripting
https://www.drupal.org/node/2424405

SA-CONTRIB-2015-041 - Feature Set - Cross Site Request Forgery
https://www.drupal.org/node/2424409

SA-CONTRIB-2015-042 - Node basket - Cross Site Scripting
SA-CONTRIB-2015-042 - Node basket - Cross Site Request Forgery
SA-CONTRIB-2015-042 - Node basket - Open Redirect
https://www.drupal.org/node/2424419

SA-CONTRIB-2015-043 - Commerce Balanced Payments - Cross Site Scripting
SA-CONTRIB-2015-043 - Commerce Balanced Payments - Cross Site Request Forgery
https://www.drupal.org/node/2424435

SA-CONTRIB-2015-044 - Taxonomy Path - Cross Site Scripting
https://www.drupal.org/node/2424439

SA-CONTRIB-2015-045 - Node Access Product - Cross Site Scripting
https://www.drupal.org/node/2424349

SA-CONTRIB-2015-046 - Taxonomy Tools - Cross Site Scripting
https://www.drupal.org/node/2424355

SA-CONTRIB-2015-047 - Panopoly Magic - Cross Site Scripting
https://www.drupal.org/node/2428799

SA-CONTRIB-2015-048 - Avatar Uploader - Arbitrary PHP code execution
https://www.drupal.org/node/2428793

SA-CONTRIB-2015-049 - Navigate - Cross Site Scripting
https://www.drupal.org/node/2428815

SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass
https://www.drupal.org/node/2428851

SA-CONTRIB-2015-051 - Term Queue - Cross Site Scripting
https://www.drupal.org/node/2428853

SA-CONTRIB-2015-052 - RESTful Web Services - Access Bypass
https://www.drupal.org/node/2428863

SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting
https://www.drupal.org/node/2437905

SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting
https://www.drupal.org/node/2437943

SA-CONTRIB-2015-055 - Services single sign-on server helper - Open Redirect
https://www.drupal.org/node/2437965

SA-CONTRIB-2015-056 - inLinks Integration - Cross Site Scripting
https://www.drupal.org/node/2437969

SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities - SQL Injection
SA-CONTRIB-2015-057 - Spider Contacts - Multiple vulnerabilities - Cross Site Request Forgery
https://www.drupal.org/node/2437973

SA-CONTRIB-2015-058 - Spider Catalog - Cross Site Request Forgery
https://www.drupal.org/node/2437977

SA-CONTRIB-2015-059 - Spider Video Player - Arbitrary file deletion
SA-CONTRIB-2015-059 - Spider Video Player - Cross Site Request Forgery
https://www.drupal.org/node/2437981

SA-CONTRIB-2015-060 - Custom Sitemap - Cross Site Request Forgery
https://www.drupal.org/node/2437985

SA-CONTRIB-2015-061 - Ubercart Webform Integration - Cross Site Scripting
https://www.drupal.org/node/2437991

SA-CONTRIB-2015-062 - Watchdog Aggregator - Cross Site Request Forgery
https://www.drupal.org/node/2437993

SA-CONTRIB-2015-063 has already been requested in
http://www.openwall.com/lists/oss-security/2015/03/22/35

SA-CONTRIB-2015-064 - Ubercart Discount Coupons - Cross Site Scripting
https://www.drupal.org/node/2445953

SA-CONTRIB-2015-065 - Registration codes - Cross Site Scripting
SA-CONTRIB-2015-065 - Registration codes - Cross Site Request Forgery
https://www.drupal.org/node/2445955

SA-CONTRIB-2015-066 - Tracking Code - Cross Site Request Forgery
https://www.drupal.org/node/2445961

SA-CONTRIB-2015-067 - Finder - Open Redirect
https://www.drupal.org/node/2445967

SA-CONTRIB-2015-068 - Campaign Monitor - Cross Site Request Forgery
https://www.drupal.org/node/2445971

SA-CONTRIB-2015-069 - Taxonomy Accordion - Cross Site Scripting
https://www.drupal.org/node/2445973

SA-CONTRIB-2015-070 - Mover - Cross Site Scripting
https://www.drupal.org/node/2445977

SA-CONTRIB-2015-071 - Simple Subscription - Cross Site Scripting
https://www.drupal.org/node/2446019

SA-CONTRIB-2015-072 - Commerce Ogone - Access bypass
https://www.drupal.org/node/2446051

SA-CONTRIB-2015-073 - Trick Question - Cross Site Scripting
https://www.drupal.org/node/2446065

SA-CONTRIB-2015-074 - Site Documentation - Cross Site Scripting
https://www.drupal.org/node/2450387

SA-CONTRIB-2015-075 - Perfecto - Open Redirect
https://www.drupal.org/node/2450391

SA-CONTRIB-2015-076 - Image Title - Cross Site Scripting
https://www.drupal.org/node/2450393

SA-CONTRIB-2015-077 - OG tabs - Cross Site Scripting
https://www.drupal.org/node/2450427

SA-CONTRIB-2015-078 has already been requested in
http://www.openwall.com/lists/oss-security/2015/03/22/35

SA-CONTRIB-2015-079 has already been requested in
http://www.openwall.com/lists/oss-security/2015/03/22/35

SA-CONTRIB-2015-080 - Profile2 Privacy - Cross Site Scripting
https://www.drupal.org/node/2455011

SA-CONTRIB-2015-081 - Petition - Cross Site Scripting
https://www.drupal.org/node/2459311

SA-CONTRIB-2015-082 - Crumbs - Cross Site Scripting
https://www.drupal.org/node/2459315

SA-CONTRIB-2015-083 - Webform Multiple File Upload - Cross Site Request Forgery
https://www.drupal.org/node/2459323

SA-CONTRIB-2015-084 - Linear Case - Cross Site Scripting
https://www.drupal.org/node/2459327

SA-CONTRIB-2015-085 - Invoice - Cross Site Scripting
SA-CONTRIB-2015-085 - Invoice - Cross Site Request Forgery
https://www.drupal.org/node/2459337

SA-CONTRIB-2015-086 - Decisions - Cross Site Request Forgery
https://www.drupal.org/node/2459349

SA-CONTRIB-2015-087 - Ubercart Webform Checkout Pane - Cross Site Scripting
https://www.drupal.org/node/2459359

SA-CONTRIB-2015-088 - Imagefield Info - Cross Site Scripting
https://www.drupal.org/node/2463823

SA-CONTRIB-2015-089 - EntityBulkDelete - Cross Site Scripting
https://www.drupal.org/node/2463831

SA-CONTRIB-2015-090 - Password Policy - Cross Site Scripting
https://www.drupal.org/node/2463835

SA-CONTRIB-2015-091 - Current Search Links - Cross Site Scripting
https://www.drupal.org/node/2463843

SA-CONTRIB-2015-092 - Open Graph Importer - Access bypass
https://www.drupal.org/node/2463891

SA-CONTRIB-2015-093 - User Import - Cross Site Request Forgery
https://www.drupal.org/node/2463949

SA-CONTRIB-2015-094 - CiviCRM private report - Cross Site Request Forgery
https://www.drupal.org/node/2467697

SA-CONTRIB-2015-095 - Display Suite - Cross Site Scripting
https://www.drupal.org/node/2471733

SA-CONTRIB-2015-096 - Services - Access bypass (file upload and execution)
SA-CONTRIB-2015-096 - Services - Information Disclosure
https://www.drupal.org/node/2471879

SA-CONTRIB-2015-097 - HybridAuth Social Login - Information Disclosure
https://www.drupal.org/node/2475943

SA-CONTRIB-2015-098 - Keyword Research - Cross Site Request Forgery
https://www.drupal.org/node/2475953

SA-CONTRIB-2015-099 - Node Template - Cross Site Scripting
https://www.drupal.org/node/2475955

Thanks

Regards
Pere Orga on behalf of the Drupal Security Team