Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request for Drupal Contributed Modules
From: Forest Monsen <forest.monsen () gmail com>
Date: Sat, 17 Nov 2012 21:29:33 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello!

Here's a batch CVE request for a number of previously published and
resolved issues with contributed modules for the Drupal project. As
noted in http://www.openwall.com/lists/oss-security/2012/11/05/4, I
have volunteered to coordinate our CVE requests.

Forest Monsen, on behalf of the Drupal Security Team


- - SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code execution
  http://drupal.org/node/1789284

- - SA-CONTRIB-2012-147 - FileField Sources - Cross Site Scripting (XSS)
  http://drupal.org/node/1789306

- - SA-CONTRIB-2012-148 - Organic Groups - Access Bypass
  http://drupal.org/node/1796036

- - SA-CONTRIB-2012-149 - Hostip - Cross Site Scripting (XSS)
  http://drupal.org/node/1802218

- - SA-CONTRIB-2012-150 - Twitter Pull - Cross Site Scripting (XSS)
  http://drupal.org/node/1802230

- - SA-CONTRIB-2012-151 - Commerce Extra Panes - Cross Site Request
  Forgery
  http://drupal.org/node/1802258

- - SA-CONTRIB-2012-152 - Feeds - Access bypass
  http://drupal.org/node/1808832

- - SA-CONTRIB-2012-153 - Mandrill - Information Disclosure
  http://drupal.org/node/1808846

- - SA-CONTRIB-2012-154 - Basic webmail - Cross Site Scripting
  http://drupal.org/node/1808852

- - SA-CONTRIB-2012-154 - Basic webmail - Information Disclosure
  http://drupal.org/node/1808852

- - SA-CONTRIB-2012-155 - ShareThis - Cross Site Scripting (XSS)
  http://drupal.org/node/1808856

- - SA-CONTRIB-2012-156 - Search API - Cross Site Request Forgery (CSRF)
  http://drupal.org/node/1815770

- - SA-CONTRIB-2012-157 - Time Spent - Cross Site Scripting (XSS)
  http://drupal.org/node/1822066

- - SA-CONTRIB-2012-157 - Time Spent - Cross Site Request Forgery (CSRF)
  http://drupal.org/node/1822066

- - SA-CONTRIB-2012-157 - Time Spent - SQL Injection
  http://drupal.org/node/1822066

- - SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS)
  http://drupal.org/node/1822166

- - SA-CONTRIB-2012-159 - Password policy - Information disclosure
  http://drupal.org/node/1828340

- - SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS)
  http://drupal.org/node/1834866

- - SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access Bypass
  http://drupal.org/node/1834868

- - SA-CONTRIB-2012-162 - RESTful Web Services - Cross site request
  forgery (CSRF)
  http://drupal.org/node/1840740

- - SA-CONTRIB-2012-163 - User Read-Only - Permission escalation
  http://drupal.org/node/1840886

- - SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site
  Scripting (XSS)
  http://drupal.org/node/1840892

- - SA-CONTRIB-2012-165 - Chaos tool suite (ctools) - Cross Site
  Scripting (XSS)
  http://drupal.org/node/1840992

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCocjEACgkQ/ILCL9e1Br73XACeIA+9vN5kq9QZ99cbEHtVemyV
SxsAn1EN77He3g3ssthVQ/pgBfVPgrR9
=15AA
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]