12 matches found
EUVD-2008-3081
Malware in sbrugna...
EUVD-2008-3082
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors...
Sql injection
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-3092
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-3091
Cross-site scripting XSS vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-3091
Cross-site scripting XSS vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-3091
CVE-2008-3091 concerns a cross-site scripting (XSS) vulnerability in Drupal’s Taxonomy Autotagger module, affecting 5.x releases prior to 5.x-1.8. The issue allows remote-authenticated users with create or edit post permissions to inject arbitrary web script or HTML via unspecified vectors. The c...
CVE-2008-3092
The CVE-2008-3092 entry concerns the Drupal Taxonomy Autotagger module (5.x) with versions before 5.x-1.8. The vulnerability is an SQL injection that remote authenticated users with create/edit post permissions can trigger via unspecified vectors, potentially allowing arbitrary SQL execution. Aff...
CVE-2008-3092
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors...
Drupal Taxonomy Autotagger模块多个输入验证漏洞
BUGTRAQ ID: 30067 CNCAN ID:CNCAN-2008070704 Drupal Taxonomy Autotagger是一款Drupal产品中的标签处理模块。 Drupal Taxonomy Autotagger存在输入验证错误,远程攻击者可以利用漏洞进行SQL注入或跨站脚本攻击。 模块没有正确使用Drupal数据库API,并直接使用用户提供的数据进行查询,可导致恶意攻击者进行SQL注入攻击,另外限制部分值没有进行过滤,可导致跨站脚本攻击。 Drupal Taxonomy Autotagger 5.x-1.7 升级到最新版本:...
SA-2008-041 - Taxonomy autotagger - Multiple vulnerabilities
The Taxonomy Autotagger will automatically tag a post with terms from a vocabulary if the terms are found in the content of the post. The module does not properly use Drupal's database API and inserts values supplied by users directly into queries. This can be exploited by malicious users with th...