Kaspersky Threats

Kaspersky ID:

KLA10563

Дата обнаружения:

21/04/2015

Обновлено:

03/06/2020

Описание

Multiple serious vulnerabilities have been found in Drupal modules. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

Open redirect vulnerabilities in Commerce WeDeal, Node basket, Views and Node Invite modules can be exploited remotely via unspecified vectors;
XSS vulnerabilities in Ajax Timeline, Facebook Album Fetcher, Public Download Count, Taxonomy Tools, Node Access Product, Taxonomy Path, Commerce Balanced Payments, Node basket, Quizzler, Node Invite, Taxonews, Classified Ads, Nodeauthor and Content Analysis modules can be exploited remotely via a specially designed parameters or other unknown vectors;
Unknown vulnerability in Path Breadcrumbs module can be exploited remotely via a 403 page reading;
CSRF vulnerabilities in Node basket, Feature Set, Shibboleth Authentication, Corner, Node Invite, Patterns, Alfresco and Contact Form Fields modules can be exploited remotely via an unspecified vectors;
An improper access restrictions in Views module can be exploited remotely via an unknown vectors;
Improper token generation in Amazon AWS module can be exploited remotely via an unspecified vectors.

Первичный источник обнаружения

Связанные продукты

Drupal

Список CVE

CVE-2015-3393
high
CVE-2015-3392
warning
CVE-2015-3391
critical
CVE-2015-3390
warning
CVE-2015-3389
warning
CVE-2015-3388
high
CVE-2015-3387
warning
CVE-2015-3386
warning
CVE-2015-3385
warning
CVE-2015-3384
warning
CVE-2015-3383
high
CVE-2015-3382
high
CVE-2015-3381
warning
CVE-2015-3380
high
CVE-2015-3379
warning
CVE-2015-3378
warning
CVE-2015-3376
warning
CVE-2015-3375
high
CVE-2015-3374
high
CVE-2015-3373
critical
CVE-2015-3372
warning
CVE-2015-3371
high
CVE-2015-3370
high
CVE-2015-3369
warning
CVE-2015-3368
warning
CVE-2015-3367
high
CVE-2015-3366
high
CVE-2015-3365
warning
CVE-2015-3364
warning
CVE-2015-3363
high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!

Kaspersky ID:

KLA10563

Дата обнаружения:

21/04/2015

Обновлено:

03/06/2020

Уровень угрозы

high

Решение

Update to the latest version or check out another plugins to use.

Impacts

OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Затронутые продукты

Commerce WeDeal versions earlier than 7.x-1.3
Ajax Timeline versions earlier than 7.x-1.1
Path Breadcrumbs versions earlier than 7.x-3.2
Facebook Album Fetcher all versions
Public Download Count versions earlier than 7.x-1.x-dev
Commerce Balanced Payments all versions
Taxonomy Tools versions earlier than 7.x-1.4
Node Access Product all versions
Taxonomy Path versions earlier than 7.x-1.2
Node basket all versions
Feature Set all versions
Views versions earlier than 6.x-2.18
Views 6.x-3.x versions earlier than 6.x-3.2
Views 7.x-3.x versions earlier than 7.x-3.10
Quizzler versions earlier than 7-x.1.16
Shibboleth Authentication versions earlier than 6.x-4.1
Shibboleth Authentication 7.x-4.x versions earlier than 7.x-4.1
Corner all versions
Amazon AWS versions earlier than 7.x-1.3
Node Invite versions earlier than6.x-2.5
Taxonews versions earlier than 6.x-1.2
Taxonews 7.x-1.x versions earlier than 7.x-1.1
Classified Ads versions earlier than 6.x-3.1
Classified Ads 7.x-3.x versions earlier than 7.x-3.1
Patterns versions earlier than 7.x-2.2
Alfresco versions earlier than 6.x-1.3
Nodeauthor all versions
Content Analysis versions earlier than 6.x-1.7
Contact Form Fields versions earlier than 6.x-2.3

Multiple vulnerabilities in Drupal modules

Описание

Первичный источник обнаружения

Связанные продукты

Список CVE

Смотрите также