4 matches found
CVE-2012-5586
The Drupal Services module (versions 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3) is affected. Remote authenticated users who have the "access user profiles" permission can disclose arbitrary users’ email addresses via the user index method and the path to the user resource. This is caused ...
CVE-2008-6908
The CVE-2008-6908 entry affects the Drupal Services module: 5.x before 5.x-0.92 and 6.x before 6.x-0.13. The vulnerability arises from using an insecure hash when signing requests, enabling remote attackers to impersonate other users and gain privileges. Affected component is the Services module ...
CVE-2008-6909
CVE-2008-6909 concerns a Drupal Services module issue where versions 5.x before 5.x-0.92 and 6.x before 6.x-0.13 do not sign all required data in requests. The available documents consistently describe an unspecified impact and suggest a risk of man-in-the-middle modification of data, potentially...
CVE-2008-6910
CVE-2008-6910 affects Drupal modules (Services 5.x up to 5.x-0.91/0.92 and 6.x up to 6.x-0.13). The root cause is that signed requests do not implement timeouts, enabling a replay attack that can impersonate other users and escalate privileges. Exposed components: the Drupal Services module on af...