Message-ID: <CAMYtjAopk9B-oHykyodXr3OpD_rUKmsTPk7Tuu2ZthtPa7rCgg@mail.gmail.com>
Date: Thu, 29 Jan 2015 00:12:29 +0100
From: Pere Orga <pere@...a.cat>
To: kseifried@...hat.com, oss-security@...ts.openwall.com
Subject: CVEs for Drupal contributed modules - January 2015

Hi

I would like to ask for CVEs for the following advisories of Drupal
contributed modules:

SA-CONTRIB-2015-001 - OPAC - Cross-Site Request Forgery (CSRF)
https://www.drupal.org/node/2403313

SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS)
https://www.drupal.org/node/2403333

SA-CONTRIB-2015-003 - PHPlist Integration Module - SQL Injection
https://www.drupal.org/node/2403343

SA-CONTRIB-2015-004 - Context - Open Redirect
https://www.drupal.org/node/2403351

SA-CONTRIB-2015-005 - WikiWiki - SQL injection
https://www.drupal.org/node/2403375

SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - XSS
SA-CONTRIB-2015-006 - Cloudwords for Multilingual Drupal - CSRF
https://www.drupal.org/node/2403447

SA-CONTRIB-2015-007 - Htaccess - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2403445

SA-CONTRIB-2015-008 - Batch Jobs - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2403451

SA-CONTRIB-2015-009 - Linkit - Cross Site Scripting (XSS)
https://www.drupal.org/node/2403459

SA-CONTRIB-2015-010 - Log Watcher - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2403463

SA-CONTRIB-2015-011 - Todo Filter - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2403465

SA-CONTRIB-2015-012 - Jammer - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2403487

SA-CONTRIB-2015-013 - Field Display Label - Cross Site Scripting (XSS)
https://www.drupal.org/node/2403489

SA-CONTRIB-2015-014 - Wishlist - XSS
SA-CONTRIB-2015-014 - Wishlist - CSRF
https://www.drupal.org/node/2407313

SA-CONTRIB-2015-015 - Term Merge - Cross Site Scripting (XSS)
https://www.drupal.org/node/2407315

SA-CONTRIB-2015-016 - Tadaa! - CSRF
SA-CONTRIB-2015-016 - Tadaa! - Open Redirect
https://www.drupal.org/node/2407321

SA-CONTRIB-2015-017 - Room Reservations - Cross Site Scripting (XSS)
https://www.drupal.org/node/2407329

SA-CONTRIB-2015-018 - Video - Cross Site Scripting (XSS)
https://www.drupal.org/node/2407341

SA-CONTRIB-2015-019 - Ubercart Currency Conversion - Open Redirect
https://www.drupal.org/node/2407347

SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2407357

SA-CONTRIB-2015-021 - Content Analysis - Cross Site Scripting (XSS)
https://www.drupal.org/node/2407395

SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS)
https://www.drupal.org/node/2407401

SA-CONTRIB-2015-023 - Classified Ads - Cross Site Scripting (XSS)
https://www.drupal.org/node/2411527

SA-CONTRIB-2015-024 - Alfresco - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2411523

SA-CONTRIB-2015-025 - Patterns - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2411539

SA-CONTRIB-2015-026 - Taxonews - Cross Site Scripting (XSS)
https://www.drupal.org/node/2411573

SA-CONTRIB-2015-027 - Quizzler - Cross Site Scripting (XSS)
https://www.drupal.org/node/2411579

SA-CONTRIB-2015-028 - Shibboleth Authentication - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2411737

SA-CONTRIB-2015-029 - Corner - Cross Site Request Forgery (CSRF)
https://www.drupal.org/node/2411741

SA-CONTRIB-2015-030 - Amazon AWS - Access bypass
https://www.drupal.org/node/2415873

SA-CONTRIB-2015-031 - GD Infinite Scroll - XSS
SA-CONTRIB-2015-031 - GD Infinite Scroll - CSRF
SA-CONTRIB-2015-031 - GD Infinite Scroll - Open Redirect
https://www.drupal.org/node/2415885

SA-CONTRIB-2015-032 - Node Invite - XSS
SA-CONTRIB-2015-032 - Node Invite - CSRF
https://www.drupal.org/node/2415899

SA-CONTRIB-2015-033 - Certify - Access bypass
SA-CONTRIB-2015-033 - Certify - Information disclosure
https://www.drupal.org/node/2415947


Many thanks
Pere Orga on behalf of the Drupal Security Team
