187 matches found
CVE-2015-4394
The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors...
CVE-2015-4393
CVE-2015-4393 is a vulnerability in the Drupal Services module (7.x-3.x) prior to 7.x-3.12. The resource/endpoint used for uploading files can be triggered by remote authenticated users who have the "Save file information" permission to execute arbitrary code via a crafted filename. Affe...
CVE-2015-4393
The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename...
CVE-2015-4394
The CVE-2015-4394 issue affects the Drupal Services module (7.x-3.x) prior to 7.x-3.12, where an improper field_access check allows remote attackers to disclose private field information. The vulnerability is tied to the Services module’s handling of entity field access, enabling information expo...
Drupal Services Module Information Disclosure Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Services is one of the modules that allows users to programmatically create customized Web service items. An information disclosure vulnerability exists in the Drupal Services module...
Drupal Services Module Access Bypass Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Services is one of the modules that allows users to programmatically create customized Web service items. An access bypass vulnerability exists in the Drupal Services module 7.x-3.11...
SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass
The Services Basic Authentication module adds HTTP basic authentication for the Services module. A user could get unauthorized access to resources under some circumstances. This vulnerability is mitigated by the fact that the authentication works correctly when page caching is disabled. CVE identifiers...
CVE-2014-9153
Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response...
CVE-2014-9152
The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack...
CVE-2014-9151
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response...
Default credentials
The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack...
Default credentials
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password...
CVE-2014-9151
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password...
CVE-2014-9153
Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response...
CVE-2014-9151
CVE-2014-9151 affects Drupal’s Services module (7.x-3.x) prior to 7.x-3.10. The vulnerability is due to insufficient flood control / rate limiting on authentication attempts, allowing remote attackers to brute-force the administrative password. The issue is addressed by upgrading to Services 7.x-...
CVE-2014-9152
The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess the password via a brute force attack...
CVE-2014-9152
CVE-2014-9152 affects the Drupal Services module (7.x-3.x) prior to 7.x-3.10. The _user_resource_create function creates new user accounts with a password of 1, enabling remote attackers to brute-force the password. Impact is partial confidentiality and integrity risk for newly created accounts; ...
CVE-2014-9153
CVE-2014-9153 is an XSS vulnerability in the Drupal Services module for Drupal 7.x-3.x, present before 7.x-3.10. The issue arises from an unfiltered JSONP callback parameter, allowing remote authenticated users to inject arbitrary JavaScript in a JSONP response. Affected version range is Services ...
Cisco Firewall Services Module DoS
Race conditions in cut-through proxy function...