13 matches found
EUVD-2008-2842
Malware in sbrugna...
EUVD-2008-2843
Malware in sbrugna...
TrailScout Module For Drupal Session Cookie SQL Injection
The remote host is running TrailScout, a third-party module for Drupal that displays a breadcrumb-like trail showing pages a user recently visited on a site. The version of the TrailScout module installed on the remote host fails to sanitize user-supplied input to the session cookie before using ...
CVE-2008-2849
Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-2850
SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API...
Cross site scripting
Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-2849
Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...
Sql injection
SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API...
CVE-2008-2849
Cross-site scripting XSS vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-2850
SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API...
CVE-2008-2850
CVE-2008-2850 describes a SQL injection in the TrailScout module for Drupal (5.x before 5.x-1.4). The vulnerability arises because the module does not sanitize user input in the session cookie before using it in database queries, enabling remote attackers to manipulate queries and potentially dis...
CVE-2008-2849
CVE-2008-2849 affects the Drupal TrailScout module (5.x) prior to 5.x-1.4. The issue is a Cross-site Scripting (XSS) vulnerability that can be triggered by remote authenticated users with create post permissions, enabling insertion of arbitrary web script or HTML via unspecified vectors. The sour...
SA-2008-037 - TrailScout - XSS and SQL injection
The TrailScout module displays a number of last visited pages as breadcrumbs. The module displays certain values without appropriate filtering. Malicious users with the permission to create posts are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cross sit...