797 matches found
CVE-2012-0323
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-0323
CVE-2012-0323 concerns the SquirrelMail Autocomplete plugin prior to version 3.0, which contains a cross-site scripting (XSS) vulnerability that can allow an attacker to inject arbitrary script or HTML via unspecified vectors. The vulnerability affects the Autocomplete component used in SquirrelM...
SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
Overview: The SquirrelMail plugin Autocomplete contains a cross-site scripting vulnerability. The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting...
JVN#56653852: SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the...
SA-CONTRIB-2012-013 - Search Autocomplete - SQL Injection
CVE: CVE-2012-1638. The Search Autocomplete module allows you to add autocomplete functionality to the search fields of a Drupal site. Search Autocomplete does not properly use Drupal's database API, making it possible for a malicious user to carry out SQL injection on the site. This vulnerability ...
CVE-2011-4851
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tool...
CVE-2011-4757
Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files...
CVE-2011-4730
The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in...
Authentication flaw
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tool...
CVE-2011-4730
The vulnerability CVE-2011-4730 affects Parallels Plesk Panel 10.2.0_build1011110331.18, specifically its Server Administration Panel. The underlying issue is that the password form field is generated without disabling the browser autocomplete feature, which can allow an attacker to bypass authen...
CVE-2011-4851
The CVE-2011-4851 entry concerns Parallels Plesk Panel 10.4.4_build20111103.18. The Control Panel generates a password form field without disabling autocomplete, enabling attackers to bypass authentication on unattended workstations, as demonstrated by forms in server/google-tools/ and other file...
SuSE 10 Security Update : Mozilla XULrunner (ZYPP Patch Number 7492)
Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, a...
CVE-2011-4677
Vulnerability: CVE-2011-4677 affects One Click Orgs prior to 1.2.3. Root cause: authentication fields lack the off autocomplete attribute, enabling credential exposure on unattended workstations. Impact: supports easier access by remote attackers as described in sources; exact exploit details,...
CVE-2009-5100
Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password...
WordPress Search Autocomplete Plugin <= 1.0.8 - SQL Injection
Search Autocomplete plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...
CVE-2011-2759
The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstati...
[SECURITY] [DSA 2262-1] moodle security update
Debian Security Advisory DSA-2262-1, http://www.debian.org/security/, Moritz Muehlenhoff, June 15, 2011, http://www.debian.org/security/faq ...