Kaspersky Threats

Kaspersky ID:

KLA10563

Erkennungsdatum:

04/21/2015

Aktualisiert:

03/29/2019

Beschreibung

Multiple serious vulnerabilities have been found in Drupal modules. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

Open redirect vulnerabilities in Commerce WeDeal, Node basket, Views and Node Invite modules can be exploited remotely via unspecified vectors;
XSS vulnerabilities in Ajax Timeline, Facebook Album Fetcher, Public Download Count, Taxonomy Tools, Node Access Product, Taxonomy Path, Commerce Balanced Payments, Node basket, Quizzler, Node Invite, Taxonews, Classified Ads, Nodeauthor and Content Analysis modules can be exploited remotely via a specially designed parameters or other unknown vectors;
Unknown vulnerability in Path Breadcrumbs module can be exploited remotely via a 403 page reading;
CSRF vulnerabilities in Node basket, Feature Set, Shibboleth Authentication, Corner, Node Invite, Patterns, Alfresco and Contact Form Fields modules can be exploited remotely via an unspecified vectors;
An improper access restrictions in Views module can be exploited remotely via an unknown vectors;
Improper token generation in Amazon AWS module can be exploited remotely via an unspecified vectors.

Ursprüngliche Informationshinweise

CVE Liste

CVE-2015-3393
high
CVE-2015-3392
high
CVE-2015-3391
high
CVE-2015-3390
high
CVE-2015-3389
high
CVE-2015-3388
high
CVE-2015-3387
high
CVE-2015-3386
high
CVE-2015-3385
high
CVE-2015-3384
high
CVE-2015-3383
high
CVE-2015-3382
high
CVE-2015-3381
high
CVE-2015-3380
high
CVE-2015-3379
high
CVE-2015-3378
high
CVE-2015-3376
high
CVE-2015-3375
high
CVE-2015-3374
high
CVE-2015-3373
high
CVE-2015-3372
high
CVE-2015-3371
high
CVE-2015-3370
high
CVE-2015-3369
high
CVE-2015-3368
high
CVE-2015-3367
high
CVE-2015-3366
high
CVE-2015-3365
high
CVE-2015-3364
high
CVE-2015-3363
high

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com

Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!

Kaspersky ID:

KLA10563

Erkennungsdatum:

04/21/2015

Aktualisiert:

03/29/2019

Schweregrad

high

Lösung

Update to the latest version or check out another plugins to use.

Auswirkungen

OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Beeinträchtigte Produkte

Commerce WeDeal versions earlier than 7.x-1.3
Ajax Timeline versions earlier than 7.x-1.1
Path Breadcrumbs versions earlier than 7.x-3.2
Facebook Album Fetcher all versions
Public Download Count versions earlier than 7.x-1.x-dev
Commerce Balanced Payments all versions
Taxonomy Tools versions earlier than 7.x-1.4
Node Access Product all versions
Taxonomy Path versions earlier than 7.x-1.2
Node basket all versions
Feature Set all versions
Views versions earlier than 6.x-2.18
Views 6.x-3.x versions earlier than 6.x-3.2
Views 7.x-3.x versions earlier than 7.x-3.10
Quizzler versions earlier than 7-x.1.16
Shibboleth Authentication versions earlier than 6.x-4.1
Shibboleth Authentication 7.x-4.x versions earlier than 7.x-4.1
Corner all versions
Amazon AWS versions earlier than 7.x-1.3
Node Invite versions earlier than6.x-2.5
Taxonews versions earlier than 6.x-1.2
Taxonews 7.x-1.x versions earlier than 7.x-1.1
Classified Ads versions earlier than 6.x-3.1
Classified Ads 7.x-3.x versions earlier than 7.x-3.1
Patterns versions earlier than 7.x-2.2
Alfresco versions earlier than 6.x-1.3
Nodeauthor all versions
Content Analysis versions earlier than 6.x-1.7
Contact Form Fields versions earlier than 6.x-2.3

Multiple vulnerabilities in Drupal modules

Beschreibung

Ursprüngliche Informationshinweise

CVE Liste

Mehr erfahren