KLA10563Multiple vulnerabilities in Drupal modules

2015-04-21T00:00:00
ID KLA10563
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

04/21/2015

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Drupal modules. Malicious users can exploit these vulnerabilities to bypass security restrictions, inject arbitrary code or obtain sensitive information.

Affected products:

Commerce WeDeal versions earlier than 7.x-1.3
Ajax Timeline versions earlier than 7.x-1.1
Path Breadcrumbs versions earlier than 7.x-3.2
Facebook Album Fetcher all versions
Public Download Count versions earlier than 7.x-1.x-dev
Commerce Balanced Payments all versions
Taxonomy Tools versions earlier than 7.x-1.4
Node Access Product all versions
Taxonomy Path versions earlier than 7.x-1.2
Node basket all versions
Feature Set all versions
Views versions earlier than 6.x-2.18
Views 6.x-3.x versions earlier than 6.x-3.2
Views 7.x-3.x versions earlier than 7.x-3.10
Quizzler versions earlier than 7-x.1.16
Shibboleth Authentication versions earlier than 6.x-4.1
Shibboleth Authentication 7.x-4.x versions earlier than 7.x-4.1
Corner all versions
Amazon AWS versions earlier than 7.x-1.3
Node Invite versions earlier than6.x-2.5
Taxonews versions earlier than 6.x-1.2
Taxonews 7.x-1.x versions earlier than 7.x-1.1
Classified Ads versions earlier than 6.x-3.1
Classified Ads 7.x-3.x versions earlier than 7.x-3.1
Patterns versions earlier than 7.x-2.2
Alfresco versions earlier than 6.x-1.3
Nodeauthor all versions
Content Analysis versions earlier than 6.x-1.7
Contact Form Fields versions earlier than 6.x-2.3

Solution:

Update to the latest version or check out another plugins to use.

Impacts:

OSI

CVE-IDS:

CVE-2015-33935.8High
CVE-2015-33923.5High
CVE-2015-33915.0High
CVE-2015-33903.5High
CVE-2015-33893.5High
CVE-2015-33885.8High
CVE-2015-33873.5High
CVE-2015-33863.5High
CVE-2015-33853.5High
CVE-2015-33843.5High
CVE-2015-33835.8High
CVE-2015-33825.8High
CVE-2015-33813.5High
CVE-2015-33805.8High
CVE-2015-33794.0High
CVE-2015-33784.9High
CVE-2015-33763.5High
CVE-2015-33755.8High
CVE-2015-33745.8High
CVE-2015-33735.0High
CVE-2015-33723.5High
CVE-2015-33715.8High
CVE-2015-33706.8High
CVE-2015-33693.5High
CVE-2015-33683.5High
CVE-2015-33676.8High
CVE-2015-33665.8High
CVE-2015-33653.5High
CVE-2015-33644.3High
CVE-2015-33636.8High