CVE-2021-28142
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."...
CITSmart SQL injection vulnerability
CITSmart is an application from CITSmart Portugal. It provides all the processes for designing an organization. A SQL injection vulnerability exists in CITSmart versions prior to 9.1.2.28, which stems from the incorrect handling of "filtro de autocomplete...". No details of the vulnerability are...
Redmine cross-site scripting vulnerability
Redmine is a set of open source Web-based project management and defect tracking tools. The product provides features such as project management, issue tracking and role-based access control. A security vulnerability exists in Redmine 4.1.x before 4.1.2, which stems from the subject of an issue...
PT-2021-18158 · Redmine · Redmine
Name of the Vulnerable Software and Affected Versions: Redmine versions 4.1.0 through 4.1.1 Description: The issue arises from the mishandling of an issue's subject in the auto complete tip, leading to a potential XSS attack. Recommendations: For versions 4.1.0 through 4.1.1, update to version...
DRUPAL-CONTRIB-2021-005
The Fast Autocomplete module provides fast IMDB-like suggestions below a text input field. Suggestions are stored as JSON files in the public files folder so that they can be provided to the browser relatively fast without the need for Drupal to be bootstrapped. The module doesn't correctly...
Fast Autocomplete - Moderately critical - Access bypass - SA-CONTRIB-2021-005
The Fast Autocomplete module provides fast IMDB-like suggestions below a text input field. Suggestions are stored as JSON files in the public files folder so that they can be provided to the browser relatively fast without the need for Drupal to be bootstrapped. The module doesn't correctly...
Security Bulletin: Netcool Operations Insights - login.jsp Caching issues and autocomplete for password field enabled. (low)
Summary It was observed that the Netcool Operations Insights Omnibus Webgui login.jsp was caching password fields and that the autocomplete attribute was not disabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM Maximo Data Loader (maxloader) shipped with IBM Maximo for Civil Infrastructure is vulnerable to autocomplete HTML Attribute not disabled for password field
Summary There is autocomplete HTML attribute not disabled for password field in Maximo Data Loader maxloader which is shipped with IBM Maximo for Civil Infrastructure. It may be possible to bypass the web application's authentication mechanism. Vulnerability Details CVEID: CVE-2021-20445...
Yelp: password field autocomplete enabled
Summary: Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local...
OPENSUSE-SU-2020:1509-1 Recommended update for otrs
Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens,...
openSUSE Security Update : otrs (openSUSE-2020-1475)
Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: - Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset...
HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware
HTTP-revshell is a tool focused on red team exercises and pentesters. This tool provides a reverse connection through the HTTP/S protocol. It uses a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Help server.py unisessio...
GHSA-XWQW-RF2Q-XMHF Cross-Site Scripting in buefy
Versions of buefy prior to 0.7.2 are vulnerable to Cross-Site Scripting, allowing attackers to manipulate the DOM and execute remote code. The autocomplete list renders user input as HTML without encoding. Recommendation Upgrade to version 0.7.2 or later...
Cross-Site Scripting in buefy
Versions of buefy prior to 0.7.2 are vulnerable to Cross-Site Scripting, allowing attackers to manipulate the DOM and execute remote code. The autocomplete list renders user input as HTML without encoding. Recommendation Upgrade to version 0.7.2 or later...
Information Disclosure
util-taglib is vulnerable to information disclosure. The disclosure of a user's answer to his/her password reminder question is possible due to the browser's autocomplete feature, when a user account is created using a public or shared computer...
Arbitrary Code Execution
busybox is vulnerable to arbitrary code execution. The vulnerability exists in the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2: the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any...
openSUSE Security Update : otrs (openSUSE-2020-551)
Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: - Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset...
OPENSUSE-SU-2020:0551-1 Recommended update for otrs
Otrs was updated to 5.0.42, fixing lots of bugs and security issues: https://community.otrs.com/otrs-community-edition-5s-patch-level-42/ - CVE-2020-1773 boo1168029 OSA-2020-10: Session / Password / Password token leak An attacker with the ability to generate session IDs or password reset tokens,...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the way Firefox displayed the autocomplete pop-up. Malicious content could use this flaw to steal form history information...