129 matches found
CVE-2013-1973
CVE-2013-1973 affects the Drupal contributed module Autocomplete Widgets for Text and Number Fields . The vulnerability lies in the autocomplete callback not properly enforcing node permissions, enabling remote authenticated users to obtain sensitive field values via unspecified vectors. Affected...
SA-CONTRIB-2013-045 - Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) - Access bypass
Autocomplete Widgets module adds autocomplete widgets for Text and Number fields. The autocomplete callback implemented by this module does not honor node permissions to access existing fields, allowing users to see field values even though they are not authorized to access that information. This...
CVE-2008-1916
Multiple cross-site scripting XSS vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the 1 address and 2 order information, which are later displayed on the order view page and...
CVE-2008-1916
Multiple cross-site scripting XSS vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the 1 address and 2 order information, which are later displayed on the order view page and...
CVE-2007-4693
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."...
Sql injection
Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA aka Omegasoft INterneSErvicesLosungen INSEL allow remote attackers to execute arbitrary SQL commands via 1 user-created text fields; the 2 F05003, 3 F05005, and 4 F05015 fields; and other unspecified standard fields...
CVE-2007-2992
Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA aka Omegasoft INterneSErvicesLosungen INSEL allow remote attackers to execute arbitrary SQL commands via 1 user-created text fields; the 2 F05003, 3 F05005, and 4 F05015 fields; and other unspecified standard fields...
static XSS / SQL-Injection in Omegasoft Insel
Input passed to fields in OmegaMw7's tables isn't properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site and/or inject SQL-Commands This applies to many many standard fields i...
Cross site scripting
Cross-site scripting XSS vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry...