Services

CVEs (8)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2001-0505	Microsoft Services	0.03	—	0.33	Oct 30, 2001	Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
CVE-2002-1141	Microsoft Services	0.01	—	0.14	Oct 11, 2002	An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by…
CVE-2002-1140	Microsoft Services	0.01	—	0.14	Oct 11, 2002	The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of…
CVE-2013-2158	Services Project Services	0.00	—	0.01	Jul 1, 2013	Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-6910	Marc Ingram Services	0.00	—	0.01	Aug 6, 2009	Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.
CVE-2008-6909	Marc Ingram Services	0.00	—	0.01	Aug 6, 2009	Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and…
CVE-2008-6908	Marc Ingram Services	0.00	—	0.01	Aug 6, 2009	Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
CVE-2009-2035	Microsoft Services	0.00	—	0.01	Jun 12, 2009	Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors.

CVE-2001-0505Oct 30, 2001
Microsoft
Services
risk 0.03cvss —epss 0.33
Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
CVE-2002-1141Oct 11, 2002
Microsoft
Services
risk 0.01cvss —epss 0.14
An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by…
CVE-2002-1140Oct 11, 2002
Microsoft
Services
risk 0.01cvss —epss 0.14
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of…
CVE-2013-2158Jul 1, 2013
Services Project
Services
risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-6910Aug 6, 2009
Marc Ingram
Services
risk 0.00cvss —epss 0.01
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request.
CVE-2008-6909Aug 6, 2009
Marc Ingram
Services
risk 0.00cvss —epss 0.01
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not sign all required data in requests, which has unspecified impact, probably related to man-in-the-middle attacks that modify critical data and allow remote attackers to impersonate other users and…
CVE-2008-6908Aug 6, 2009
Marc Ingram
Services
risk 0.00cvss —epss 0.01
Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, uses an insecure hash when signing requests, which allows remote attackers to impersonate other users and gain privileges.
CVE-2009-2035Jun 12, 2009
Microsoft
Services
risk 0.00cvss —epss 0.01
Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors.