5 matches found
EUVD-2016-3095
Malware in sbrugna...
CVE-2016-20007
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
Drupal Code Issues Vulnerabilities
Drupal is an open source content management system developed in the PHP language by the Drupal community. A code issue vulnerability exists in Drupal REST/JSON project 7.x-1.x that allows guessing session names...
CVE-2016-20007
CVE-2016-20007 affects the Drupal REST/JSON project 7.x-1.x. The vulnerability is described as a session name guessing flaw (SA-CONTRIB-2016-033) within this module. Based on the linked metrics, the issue carries CVSS v2 base score 5.0 (Medium) with Network access, Low attack complexity, no user ...
REST JSON - Multiple Vulnerabilities - Highly Critical - Unsupported - SA-CONTRIB-2016-033
This module enables you to expose content, users and comments via a JSON API. The module contains multiple vulnerabilities including Node access bypass Comment access bypass User enumeration Field access bypass User registration bypass Blocked user login Session name guessing Session enumeration...