Search
Find a vulnerability
Search criteria
4 vulnerabilities found for search_autocomplete by dominique_clause
CVE-2012-4471 (GCVE-0-2012-4471)
Vulnerability from nvd – Published: 2012-11-30 22:00 – Updated: 2024-08-06 20:35
VLAI
EPSS
VEX
Summary
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/10/04/3 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1679422 | x_refsource_MISC |
| http://drupal.org/node/1649442 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/54379 | vdb-entryx_refsource_BID |
Date Public
2012-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:10.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1679422"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1649442"
},
{
"name": "54379",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-29T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1679422"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1649442"
},
{
"name": "54379",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54379"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"name": "http://drupal.org/node/1679422",
"refsource": "MISC",
"url": "http://drupal.org/node/1679422"
},
{
"name": "http://drupal.org/node/1649442",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1649442"
},
{
"name": "54379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54379"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4471",
"datePublished": "2012-11-30T22:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:10.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1638 (GCVE-0-2012-1638)
Vulnerability from nvd – Published: 2012-09-19 21:00 – Updated: 2024-09-17 00:26
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/47731 | third-party-advisoryx_refsource_SECUNIA |
| http://drupal.org/node/1410674 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/51667 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1416612 | x_refsource_CONFIRM |
| http://drupalcode.org/project/search_autocomplete… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47731"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1410674"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "51667",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1416612"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the \"use search_autocomplete\" permission to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-19T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "47731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47731"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1410674"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "51667",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1416612"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the \"use search_autocomplete\" permission to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47731"
},
{
"name": "http://drupal.org/node/1410674",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1410674"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "51667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51667"
},
{
"name": "http://drupal.org/node/1416612",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1416612"
},
{
"name": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1638",
"datePublished": "2012-09-19T21:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:35.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4471 (GCVE-0-2012-4471)
Vulnerability from cvelistv5 – Published: 2012-11-30 22:00 – Updated: 2024-08-06 20:35
VLAI
EPSS
VEX
Summary
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/10/04/3 | mailing-listx_refsource_MLIST |
| http://drupal.org/node/1679422 | x_refsource_MISC |
| http://drupal.org/node/1649442 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/54379 | vdb-entryx_refsource_BID |
Date Public
2012-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:10.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1679422"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1649442"
},
{
"name": "54379",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-29T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1679422"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1649442"
},
{
"name": "54379",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54379"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"name": "http://drupal.org/node/1679422",
"refsource": "MISC",
"url": "http://drupal.org/node/1679422"
},
{
"name": "http://drupal.org/node/1649442",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1649442"
},
{
"name": "54379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54379"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4471",
"datePublished": "2012-11-30T22:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:10.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1638 (GCVE-0-2012-1638)
Vulnerability from cvelistv5 – Published: 2012-09-19 21:00 – Updated: 2024-09-17 00:26
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/47731 | third-party-advisoryx_refsource_SECUNIA |
| http://drupal.org/node/1410674 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/51667 | vdb-entryx_refsource_BID |
| http://drupal.org/node/1416612 | x_refsource_CONFIRM |
| http://drupalcode.org/project/search_autocomplete… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:01:02.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47731"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1410674"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "51667",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1416612"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the \"use search_autocomplete\" permission to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-19T21:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "47731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47731"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1410674"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "51667",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1416612"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the \"use search_autocomplete\" permission to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47731"
},
{
"name": "http://drupal.org/node/1410674",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1410674"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "51667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51667"
},
{
"name": "http://drupal.org/node/1416612",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1416612"
},
{
"name": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1638",
"datePublished": "2012-09-19T21:00:00.000Z",
"dateReserved": "2012-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:26:35.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}