Skip to main content

Services

7 CVEs product

Monthly

CVE-2015-4394 MEDIUM PATCH This Month

The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Services
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-4393 MEDIUM PATCH This Month

The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

RCE Services
NVD
CVSS 2.0
6.0
EPSS
1.3%
CVE-2014-9153 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Services
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-9152 HIGH This Week

The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Services
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-9151 HIGH This Week

The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Services
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-2158 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Services
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-5586 LOW PATCH Monitor

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

Privilege Escalation Services
NVD
CVSS 2.0
2.1
EPSS
0.3%
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Services
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

RCE Services
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Services
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Services
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Services
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Services
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

Privilege Escalation Services
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy