Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0328)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.130056

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0328)

Resumen: The remote host is missing an update for the 'drupal' package(s) announced via the MGASA-2015-0328 advisory.

Descripción: Summary:
The remote host is missing an update for the 'drupal' package(s) announced via the MGASA-2015-0328 advisory.

Vulnerability Insight:
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal
before 7.39 allows remote attackers to inject arbitrary web script or HTML
via a crafted URL, related to uploading files (CVE-2015-6658).

SQL injection vulnerability in the SQL comment filtering system in the
Database API in Drupal before 7.39 allows remote attackers to execute
arbitrary SQL commands via an SQL comment (CVE-2015-6659).

The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly
validate the form token, which allows remote attackers to conduct CSRF
attacks that upload files in a different user's account via vectors related
to 'file upload value callbacks' (CVE-2015-6660).

Drupal before 7.39 allows remote attackers to obtain sensitive node titles by
reading the menu (CVE-2015-6661).

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal before
7.39 allows remote attackers to inject arbitrary web script or HTML via
vectors involving a whitelisted HTML element, possibly related to the 'a' tag
(CVE-2015-6665).

Affected Software/OS:
'drupal' package(s) on Mageia 4, Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-6658
BugTraq ID: 76434
http://www.securityfocus.com/bid/76434
Debian Security Information: DSA-3346 (Google Search)
http://www.debian.org/security/2015/dsa-3346
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html
http://www.securitytracker.com/id/1033358
Common Vulnerability Exposure (CVE) ID: CVE-2015-6659
BugTraq ID: 76432
http://www.securityfocus.com/bid/76432
Common Vulnerability Exposure (CVE) ID: CVE-2015-6660
Common Vulnerability Exposure (CVE) ID: CVE-2015-6661
Common Vulnerability Exposure (CVE) ID: CVE-2015-6665
BugTraq ID: 76431
http://www.securityfocus.com/bid/76431
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html
https://www.drupal.org/node/2554145

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.130056
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0328)
Resumen:	The remote host is missing an update for the 'drupal' package(s) announced via the MGASA-2015-0328 advisory.
Descripción:	Summary: The remote host is missing an update for the 'drupal' package(s) announced via the MGASA-2015-0328 advisory. Vulnerability Insight: Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files (CVE-2015-6658). SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment (CVE-2015-6659). The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to 'file upload value callbacks' (CVE-2015-6660). Drupal before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu (CVE-2015-6661). Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal before 7.39 allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the 'a' tag (CVE-2015-6665). Affected Software/OS: 'drupal' package(s) on Mageia 4, Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6658 BugTraq ID: 76434 http://www.securityfocus.com/bid/76434 Debian Security Information: DSA-3346 (Google Search) http://www.debian.org/security/2015/dsa-3346 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165704.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165733.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165723.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165840.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165690.html http://www.securitytracker.com/id/1033358 Common Vulnerability Exposure (CVE) ID: CVE-2015-6659 BugTraq ID: 76432 http://www.securityfocus.com/bid/76432 Common Vulnerability Exposure (CVE) ID: CVE-2015-6660 Common Vulnerability Exposure (CVE) ID: CVE-2015-6661 Common Vulnerability Exposure (CVE) ID: CVE-2015-6665 BugTraq ID: 76431 http://www.securityfocus.com/bid/76431 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165674.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html https://www.drupal.org/node/2554145
Copyright	Copyright (C) 2015 Greenbone AG