DSA-2262-1 moodle - several

Bulletin has no description...

Debian DSA-2262-1 : moodle - several vulnerabilities

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning : - MSA-11-0002 Cross-site request forgery vulnerability in RSS block - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete - MSA-11-0008 IMS...

[SECURITY] [DSA 2262-1] moodle security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq -...

CVE-2011-2155

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation...

Mandriva Linux Security Advisory : firefox (MDVSA-2011:079)

Chris Evans of the Chrome Security Team reported that the XSLT generate-id function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while...

Mozilla untrusted events can trigger autocomplete popup (MFSA 2011-14)

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls...

Mozilla Firefox < 3.5.19 Multiple Vulnerabilities

Binary data 5900.prm...

Mozilla Firefox 3.6.x < 3.6.17 Multiple Vulnerabilities

Binary data 801238.prm...

CVE-2011-1661

The Node Quick Find module 6.x-1.1 for Drupal does not use dbrewritesql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature...

CVE-2010-4569

Cross-site scripting XSS vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI...

CVE-2010-4569

CVE-2010-4569 is an XSS vulnerability in Bugzilla affecting versions 3.7.1, 3.7.2, 3.7.3, and 4.0rc1. The issue arises in Bugzilla’s user account real name field, related to the YUI AutoComplete widget, allowing remote attackers to inject arbitrary script/HTML. The connected records confirm the B...

Google Chrome multiple vulnerabilities - October 10(Linux)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnoct10lin.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - October 10Linux Authors: Madhuri D Copyright: Copyright c 2010 Greenbone...

Google Chrome multiple vulnerabilities - October 10(Windows)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnoct10win.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - October 10Windows Authors: Madhuri D Copyright: Copyright c 2010 Greenbone...

CVE-2010-4033

Removed by vendor...

CVE-2010-4033

CVE-2010-4033 affects Google Chrome versions before 7.0.517.41, where the browser’s autofill/autocomplete implementation allows remote attackers to perform “profile spamming” via unspecified vectors. The NVD entry describes the vulnerability as an issue with autofill/autocomplete, with a CVSS v2 ...

Google Chrome < 7.0.517.41 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 7.0.517.41. Such versions are reportedly affected by multiple vulnerabilities : - It is possible to spam profiles via autofill / autocomplete. Issue 48225, 51727 - An unspecified crash exists relating to forms. Issue 48857 ...

CVE-2010-0808

Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."...

Information disclosure

Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."...

CVE-2010-0808

CVE-2010-0808 represents an information disclosure vulnerability in Microsoft Internet Explorer 6 and 7 (on Windows XP and Windows Vista) where scripted AutoComplete actions could be used to capture previously entered form data via a malicious page. The issue arises from IE’s AutoComplete feature...

CVE-2010-0808

Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplete Information Disclosure Vulnerability."...