Lucene search
K
Marc IngramServices

4 matches found

CVE
CVE
added 2012/12/26 5:0 p.m.48 views

CVE-2012-5586

The Drupal Services module (versions 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3) is affected. Remote authenticated users who have the "access user profiles" permission can disclose arbitrary users’ email addresses via the user index method and the path to the user resource. This is caused ...

2.1CVSS6.5AI score0.00957EPSS
CVE
CVE
added 2009/08/06 5:0 p.m.43 views

CVE-2008-6908

The CVE-2008-6908 entry affects the Drupal Services module: 5.x before 5.x-0.92 and 6.x before 6.x-0.13. The vulnerability arises from using an insecure hash when signing requests, enabling remote attackers to impersonate other users and gain privileges. Affected component is the Services module ...

7.5CVSS7.1AI score0.01359EPSS
CVE
CVE
added 2009/08/06 6:0 p.m.37 views

CVE-2008-6909

CVE-2008-6909 concerns a Drupal Services module issue where versions 5.x before 5.x-0.92 and 6.x before 6.x-0.13 do not sign all required data in requests. The available documents consistently describe an unspecified impact and suggest a risk of man-in-the-middle modification of data, potentially...

6.5CVSS7.1AI score0.01115EPSS
CVE
CVE
added 2009/08/06 6:0 p.m.34 views

CVE-2008-6910

CVE-2008-6910 affects Drupal modules (Services 5.x up to 5.x-0.91/0.92 and 6.x up to 6.x-0.13). The root cause is that signed requests do not implement timeouts, enabling a replay attack that can impersonate other users and escalate privileges. Exposed components: the Drupal Services module on af...

7.5CVSS7.1AI score0.01359EPSS