Lucene search
K

129 matches found

CVE
CVE
added 2014/06/09 7:0 p.m.50 views

CVE-2013-1973

CVE-2013-1973 affects the Drupal contributed module Autocomplete Widgets for Text and Number Fields . The vulnerability lies in the autocomplete callback not properly enforcing node permissions, enabling remote authenticated users to obtain sensitive field values via unspecified vectors. Affected...

4CVSS6.2AI score0.01094EPSS
Exploits0References5Affected Software1
Drupal
Drupal
added 2013/04/17 12:0 a.m.22 views

SA-CONTRIB-2013-045 - Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) - Access bypass

Autocomplete Widgets module adds autocomplete widgets for Text and Number fields. The autocomplete callback implemented by this module does not honor node permissions to access existing fields, allowing users to see field values even though they are not authorized to access that information. This...

4CVSS6.3AI score0.01094EPSS
Exploits0References16
NVD
NVD
added 2008/04/23 1:5 p.m.24 views

CVE-2008-1916

Multiple cross-site scripting XSS vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the 1 address and 2 order information, which are later displayed on the order view page and...

4.3CVSS5.7AI score0.01022EPSS
Exploits0References3
Cvelist
Cvelist
added 2008/04/22 12:0 a.m.26 views

CVE-2008-1916

Multiple cross-site scripting XSS vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the 1 address and 2 order information, which are later displayed on the order view page and...

5.7AI score0.01022EPSS
Exploits0References3
NVD
NVD
added 2007/11/15 1:46 a.m.23 views

CVE-2007-4693

The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."...

7.2CVSS6.5AI score0.00389EPSS
Exploits1References8
Prion
Prion
added 2007/06/04 4:30 p.m.17 views

Sql injection

Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA aka Omegasoft INterneSErvicesLosungen INSEL allow remote attackers to execute arbitrary SQL commands via 1 user-created text fields; the 2 F05003, 3 F05005, and 4 F05015 fields; and other unspecified standard fields...

7.5CVSS9.3AI score0.01293EPSS
Exploits0References7
NVD
NVD
added 2007/06/04 4:30 p.m.15 views

CVE-2007-2992

Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA aka Omegasoft INterneSErvicesLosungen INSEL allow remote attackers to execute arbitrary SQL commands via 1 user-created text fields; the 2 F05003, 3 F05005, and 4 F05015 fields; and other unspecified standard fields...

7.5CVSS8.5AI score0.01293EPSS
Exploits0References7
securityvulns
securityvulns
added 2007/06/01 12:0 a.m.47 views

static XSS / SQL-Injection in Omegasoft Insel

Input passed to fields in OmegaMw7's tables isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site and/or inject SQL-Commands This applies to many many standard fields i...

0.4AI score
Exploits0
Prion
Prion
added 2006/05/09 10:2 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry...

5.8CVSS6.1AI score0.01458EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder