
797 matches found

seebug.org
added 2014/07/01 12:0 a.m., 44 views

Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities

No description provided by source. Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Title: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issu...

AI score: 7.1
Exploits: 0

NVD
added 2014/06/09 7:55 p.m., 15 views

CVE-2013-1973

The autocomplete callback in Autocomplete Widgets for Text and Number Fields autocompletewidgets module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors...

CVSS: 4, AI score: 6.1, EPSS: 0.00246
Exploits: 0, References: 5

Prion
added 2014/06/09 7:55 p.m., 14 views

Code injection

The autocomplete callback in Autocomplete Widgets for Text and Number Fields autocompletewidgets module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors...

CVSS: 4, AI score: 6.5, EPSS: 0.00246
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2014/06/09 7:0 p.m., 21 views

CVE-2013-1973

The autocomplete callback in Autocomplete Widgets for Text and Number Fields autocompletewidgets module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors...

AI score: 6.1, EPSS: 0.00246
Exploits: 0, References: 5

CVE
added 2014/06/09 7:0 p.m., 46 views

CVE-2013-1973

CVE-2013-1973 affects the Drupal contributed module Autocomplete Widgets for Text and Number Fields. The vulnerability lies in the autocomplete callback not properly enforcing node permissions, enabling remote authenticated users to obtain sensitive field values via unspecified vectors. Affected...

CVSS: 4, AI score: 6.2, EPSS: 0.00246
Exploits: 0, References: 5, Affected Software: 1

Hacker One
added 2014/04/18 4:33 a.m., 26 views

Localize: Password type input with auto-complete enabled

Vulnerability description When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker wi...

AI score: 6.8
Exploits: 0

Google Chrome Security Advisories
added 2014/04/08 12:0 a.m., 29 views

Stable Channel Update

The Chrome Team is excited to announce the promotion of Chrome 34 to the Stable channel for Windows, Mac, and Linux. Chrome 34.0.1847.116 contains a number of fixes and improvements, including: Responsive Images and Unprefixed Web Audio Import supervised users onto new computers A number of new...

CVSS: 7.5, AI score: 10, EPSS: 0.01735
Exploits: 10, Affected Software: 1

NVD
added 2014/03/14 4:55 p.m., 12 views

CVE-2013-2047

The login page aka index.php in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password...

CVSS: 2.1, AI score: 6.5, EPSS: 0.00061
Exploits: 0, References: 1

Prion
added 2014/03/14 4:55 p.m., 16 views

Default credentials

The login page aka index.php in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password...

CVSS: 2.1, AI score: 7, EPSS: 0.00061
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2014/03/14 4:55 p.m., 2 views

UBUNTU-CVE-2013-2047

The login page aka index.php in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password...

CVSS: 2.1, AI score: 5.8, EPSS: 0.00061
Exploits: 0, References: 3

Cvelist
added 2014/03/14 4:0 p.m., 24 views

CVE-2013-2047

The login page aka index.php in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password...

AI score: 6.4, EPSS: 0.00061
Exploits: 0, References: 1

CVE
added 2014/03/14 4:0 p.m., 55 views

CVE-2013-2047

The CVE-2013-2047 entry concerns ownCloud Server versions earlier than 5.0.6, where the login page (index.php) does not disable the password field’s autocomplete. This configuration allows physically proximate attackers to obtain passwords via browsers that support autocomplete. Public references...

CVSS: 2.1, AI score: 6.6, EPSS: 0.00061
Exploits: 0, References: 1, Affected Software: 2

Drupal
added 2014/02/12 12:0 a.m., 14 views

SA-CONTRIB-2014-013 - Chaos tool suite (ctools) - Access Bypass

This module provides content editors with an autocomplete callback for entity titles, as well as an ability to embed content within the Chaos tool suite ctools framework. Prior to this version, ctools did not sufficiently check access grants for various types of content other than nodes. It also...

AI score: 7.3
Exploits: 0, References: 15

Hacker One
added 2014/02/01 9:55 a.m., 35 views

HackerOne: Autocomplete enabled in Paypal preferences

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information...

AI score: 3.2
Exploits: 0

Kitploit
added 2014/01/25 8:14 p.m., 168 views

[Netsparker v3.2] Web Application Security Scanner

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting XSS, Remote Code Executi...

AI score: 8.6
Exploits: 0

Packet Storm
added 2014/01/24 12:0 a.m., 22 views

mySeatXT 0.2134 SQL Injection

Exploit: mySeatXT 0.2134 + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/myseat 1 Sql Injection PoC: http://localhost/mySeatXT/web/ajax/autocompleteres.php?term=99' 'SQL INJECT' Vulnerable Code: + autocompleteres.php $sql =...

AI score: 0.1
Exploits: 0

Prion
added 2013/06/28 11:55 p.m., 12 views

Design/Logic Flaw

The SecureSphere Operations Manager SOM Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password aka jpassword field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended...

CVSS: 7.5, AI score: 7.3, EPSS: 0.03489
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2013/06/25 6:55 p.m., 16 views

CVE-2012-6573

Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00528
Exploits: 0, References: 8

Prion
added 2013/06/25 6:55 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00528
Exploits: 0, References: 8, Affected Software: 1

CVE
added 2013/06/25 6:0 p.m., 39 views

CVE-2012-6573

CVE-2012-6573 is a cross-site scripting (XSS) vulnerability in the Drupal Solr Autocomplete module. Affected versions are Apache Solr Autocomplete 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.3, where user input in autocomplete results could inject arbitrary script/HTML. The root cause is ...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00528
Exploits: 0, References: 8, Affected Software: 1