797 matches found
CVE-2012-6573
Cross-site scripting XSS vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results...
Sql injection
SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-4634
SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-4634
Summary: TYPO3’s jQuery autocomplete for indexed_search (rzautocomplete) extension is vulnerable to SQL injection in all versions before 0.0.9, as described in CVE-2013-4634. Impact: Remote attackers could execute arbitrary SQL commands via unspecified vectors. Affected component: rzautocomplete ...
CVE-2013-4634
SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Allow cookie-less instance for security reasons
Allow administrators to completely remove 'remember me' and disallow remembering usernames and passwords via HTML5. In various cases administrators may want to prevent their users to have their passwords saved. While various browsers will override this settings, but preventing to have a remember-...
form_autocomplete
This plugin greps every page for autocomplete-able forms containing password-type inputs. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats...
Imperva SecureSphere Operations Manager Command Execution Vulnerability
Imperva SecureSphere Operations Manager version 9.0.0.5 Enterprise Edition suffers from path disclosure, command execution, and arbitrary file upload vulnerabilities. Tittle: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issues Risk: High Date: 27.May.201...
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command...
Imperva SecureSphere Operations Manager Command Execution
Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issues Risk: High Date: 27.May.2013...
Imperva SecureSphere Operations Manager version 9.0.0.5 - Multiple issues
Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issues Risk: High Date: 27.May.2013...
Password autocompletion - ownCloud
Index.php aka the login page contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. Affected Software ownCloud Server 5.0...
Server: Password autocompletion
Index.php aka the login page contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. For more information please consult t...
SA-CONTRIB-2013-045 - Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) - Access bypass
Autocomplete Widgets module adds autocomplete widgets for Text and Number fields. The autocomplete callback implemented by this module does not honor node permissions to access existing fields, allowing users to see field values even though they are not authorized to access that information. This...
SA-CONTRIB-2013-015 - Manager Change for Organic Groups - Cross site scripting (XSS)
This module extends Organic Groups to allow the manager of a group to select a new manager for their group ie if they want to leave the group. The autocomplete field for selecting a new manager didn't properly filter usernames. The vulnerability is mitigated by the fact that Drupal's default...
Design/Logic Flaw
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors...
CVE-2012-4471
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors...
CVE-2012-4471
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors...
CVE-2012-4471
The vulnerability CVE-2012-4471 affects the Drupal Search Autocomplete module for Drupal 7.x-2.x before 7.x-2.4, where access control to the module’s admin page is insufficiently restricted. This allows remote attackers to disable autocompletion or alter priority order via unspecified vectors. Th...
Drupal Search Autocomplete模块数据库API SQL注入漏洞
BUGTRAQ ID: 51667 CVE ID: CVE-2012-1638 Search Autocomplete模块允许您添加自动完成功能到Drupal网站的搜索字段 Drupal Search Autocomplete 7.x-2.1之前版本存在安全漏洞,可允许已经通过身份验证的、且具有"use searchautocomplete"权限的远程用户执行任意SQL命令 0 Drupal Search Autocomplete Module 7.x 厂商补丁: Drupal ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载,并更新到7.x-2.1:...