22 matches found
CVE-2012-5556
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors...
Cross-Site Scripting (XSS)
restws is vulnerable to cross-site scripting. A remotely authenticated user is able to inject and execute arbitrary JavaScript in another user's browser...
PT-2020-7484 · Drupal · Drupal Restws Module
Name of the Vulnerable Software and Affected Versions: Drupal restws module versions 7.x-1.x before 7.x-1.4; Drupal restws module versions 7.x-2.x before 7.x-2.1. Description: The issue allows remote authenticated users with certain permissions, such as access resource node and create page content,...
Drupal RESTWS Module Page Callback RCE
The version of Drupal running on the remote web server is affected by a remote code execution vulnerability in the bundled RESTful Web services (RESTWS) module due to a flaw in how default page callbacks for Drupal entities are altered when handling specially crafted requests. An unauthenticated,...
RestWS - Moderately Critical - Information Disclosure - SA-CONTRIB-2017-024
RestWS makes Drupal Entity data available in a REST API. The module doesn’t sufficiently check for access to properties when filtering queries. This vulnerability is mitigated by the fact that an attacker must have a role that allows them to access an entity type with access-controlled properties...
Drupal RESTWS Module Page Callback Remote Code Execution
A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could allow the attacker to execute arbitrary code in the context of the web server process...
Drupal RESTWS Remote Code Execution
A code execution vulnerability exists in the Drupal RESTful Web Services (RESTWS) module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Drupal 7.x RESTWS module command execution vulnerability
No description provided by source...
Drupal RESTWS Module Remote PHP Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal RESTWS Module Remote PHP Code Execution', 'Description' = %q This module exploits a Remote PHP Code Execution vulnerability in Drupal RESTW...
Drupal Module RESTWS 7.x - Remote PHP Code Execution (Metasploit)
Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Drupal RESTWS Module 7.x Remote PHP Code Execution', 'Description' = %q Th...
Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)
Drupal Module RESTWS 7.x - PHP Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Drupal RESTWS Module 7.x Remote PHP Code Execution',...
Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Drupal RESTWS Module 7.x Remote PHP Code Execution', 'Description' = %q This module exploits the Drupal RESTWS module...
Drupal RESTWS RCE Vulnerability (SA-CONTRIB-2016-040) - Active Check
Drupal is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal";...
Drupal RESTWS Module Remote PHP Code Execution
This module exploits a Remote PHP Code Execution vulnerability in the Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this...
Drupal RESTWS Remote Code Execution Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A remote code execution vulnerability exists in the Drupal RESTWS module. An attacker can exploit the vulnerability by sending a specially crafted request that results in...
Information disclosure
The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2015-4345
CVE-2015-4345 affects Drupal's RESTful Web Services (RESTWS) module (Drupal 7.x). The vulnerability is in the Basic Auth submodule: RESTWS 7.x-1.x versions before 7.x-1.5 and 7.x-2.x before 7.x-2.3 cache pages for authenticated requests, which can lead to information disclosure of potentially sensi...
CVE-2013-1946
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a...
Design/Logic Flaw
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a...
CVE-2013-1946
The CVE-2013-1946 entry affects Drupal’s RESTful Web Services (RESTWS) module for Drupal 7.x-1.x up to 7.x-1.3 and 7.x-2.x up to 7.x-2.0-alpha5. When page caching is enabled and anonymous users have RESTWS permissions, a GET request with an HTTP Accept header set to a non-HTML type can cause a de...