EUVD-2011-1661

Malware in sbrugna...

CVE-2011-1661

The Node Quick Find module 6.x-1.1 for Drupal does not use dbrewritesql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature...

CVE-2011-1661

The CVE-2011-1661 entry affects the Drupal Node Quick Find module 6.x-1.1. The vulnerability arises because the module does not use db_rewrite_sql when presenting node titles, allowing an attacker to bypass access restrictions and read potentially sensitive node titles via the autocomplete featur...

CVE-2011-1661

The Node Quick Find module 6.x-1.1 for Drupal does not use dbrewritesql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature...

SA-CONTRIB-2011-016 - Node Quick Find - Information Disclosure

The Node Quick Find module provides a block to quickly access nodes by title via an auto-completing text field. The module does not use dbrewritesql when generating the list of node titles, allowing users to see the titles of nodes to which they may not have access. Access to the node itself is n...

CVE-2005-4292

Cross-site scripting XSS vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature...

CVE-2005-4292

CVE-2005-4292 affects CommerceSQL 1.0 and earlier. Vulnerable due to cross-site scripting via unspecified search module parameters, possibly the keywords parameter in Quick Find, enabling remote injection of arbitrary script/HTML. No remediation details or exploit status provided in the connected...