CVE-2012-5586
- EPSS 0.25%
- Veröffentlicht 26.12.2012 17:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the pa...
CVE-2008-6909
- EPSS 0.7%
- Veröffentlicht 06.08.2009 18:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers t...
CVE-2008-6910
- EPSS 0.66%
- Veröffentlicht 06.08.2009 18:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.
CVE-2008-6908
- EPSS 0.66%
- Veröffentlicht 06.08.2009 17:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.