Services@7.x-3.9 Security Vulnerabilities and Issues — Services@7.x-3.9 CVE List

Lucene search

Services ProjectServices7.x-3.9

3 matches found

CVE•added 2015/06/15 2:59 p.m.•29 views

CVE-2015-4393

The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename.

6CVSS7.4AI score0.01266EPSS

CVE•added 2014/12/01 4:59 p.m.•28 views

CVE-2014-9151

The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.

7.5CVSS7AI score0.0051EPSS

CVE•added 2014/12/01 4:59 p.m.•27 views

CVE-2014-9153

Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter in a JSONP response.

4.3CVSS5.4AI score0.00248EPSS