Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)
An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file...
Reading of local files through manipulation of form autocomplete — Mozilla
Security researcher Armin Ebert reported that a user readable file in a known local path could be uploaded to a malicious site. This was done by manipulating the autocomplete feature in a form and user interaction with it. While the local file is not visibly uploaded through the form, its content...
CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
DEBIAN-CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
UBUNTU-CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
CVE-2014-8524
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors...
Default credentials
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2014-8524
McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors...
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2014:1098-1)
MozillaThunderbird was updated to Thunderbird 31.1.0 bnc894370, fixing security issues: - MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards - MFSA 2014-68/CVE-2014-1563 bmo1018524 Use-after-free during DOM interactions with SVG - MFSA 2014-69/CVE-2014-1564 bmo1045977...
Design/Logic Flaw
IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended...
CVE-2014-5250
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors...
CVE-2014-5249
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Code injection
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via unspecified vectors...
CVE-2014-5249
The vulnerability CVE-2014-5249 affects the Drupal Biblio Autocomplete module, specifically the submodule Biblio self autocomplete in versions 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5. The root cause is insufficient sanitization of user input in the Biblio self autocomplete submodule, wh...
CVE-2014-5250
The CVE-2014-5250 issue affects the Drupal Biblio Autocomplete module (6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.5). The Drupal SA indicates an AJAX autocompletion vulnerability in the Biblio Autocomplete submodule, enabling data access by remote users (including anonymous) via unspecif...
CVE-2014-5249
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...