Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45696
Sametime is impacted by sensitive fields with autocomplete enabled in the Legacy web chat client. By default, this allows user entered data to be stored by the browser.
445
VMScore
CVE-2012-0680
Apple Safari prior to 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote malicious users to bypass authentication by leveraging an unattended workstation.
Apple Safari 3.0.1
Apple Safari 3.1.1b
Apple Safari 4.0.0b
Apple Safari 4.0
Apple Safari 2.0.3
Apple Safari 2.0.4
Apple Safari 1.2.4
Apple Safari 1.2.5
Apple Safari 3.2.0b
Apple Safari 3.1.2b
Apple Safari 3
Apple Safari 1.1.1
Apple Safari 4.0.1
Apple Safari 2.0.1
Apple Safari 2.0.2
Apple Safari 1.2.2
Apple Safari 1.2.3
Apple Safari 1.0
Apple Safari 1.0.3
Apple Safari 1.3.2
Apple Safari 5.0.5
Apple Safari 1.3.0
383
VMScore
CVE-2019-12932
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.
Seeddms Seeddms 5.1.11
NA
CVE-2021-39045
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local malicious user to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.
Ibm Cognos Analytics 11.1.7
Ibm Cognos Analytics
Netapp Oncommand Insight -
668
VMScore
CVE-2011-4677
One Click Orgs prior to 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Oneclickorgs One Click Orgs 1.1.0
Oneclickorgs One Click Orgs 1.0.0
Oneclickorgs One Click Orgs
Oneclickorgs One Click Orgs 1.2.1
Oneclickorgs One Click Orgs 1.2.0
Oneclickorgs One Click Orgs 1.1.1
Oneclickorgs One Click Orgs 1.0.1
445
VMScore
CVE-2014-8524
McAfee Network Data Loss Prevention (NDLP) prior to 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Mcafee Network Data Loss Prevention 9.2.1
Mcafee Network Data Loss Prevention 8.6
Mcafee Network Data Loss Prevention
Mcafee Network Data Loss Prevention 9.2.0
534
VMScore
CVE-2012-1638
SQL injection vulnerability in the Search Autocomplete module prior to 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors.
Dominique Clause Search Autocomplete
Dominique Clause Search Autocomplete 7.x-1.0
Dominique Clause Search Autocomplete 6.x-2.3
Dominique Clause Search Autocomplete 6.x-2.2
Dominique Clause Search Autocomplete 6.x-1.0
Dominique Clause Search Autocomplete 5.x-1.0
Dominique Clause Search Autocomplete 6.x-2.0
Dominique Clause Search Autocomplete 5.x-1.x
Dominique Clause Search Autocomplete 6.x-2.1
187
VMScore
CVE-2009-5100
Pentaho BI Server 1.7.0.1062 and previous versions does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate malicious users to obtain the password.
Pentaho Bi Server 1.2.0
Pentaho Bi Server 1.6.0
Pentaho Bi Server
187
VMScore
CVE-2013-2047
The login page (aka index.php) in ownCloud prior to 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate malicious users to guess the password.
Owncloud Owncloud 5.0.0
Owncloud Owncloud
Owncloud Owncloud 5.0.1
Owncloud Owncloud 5.0.2
Owncloud Owncloud 5.0.3
Owncloud Owncloud 5.0.4
187
VMScore
CVE-2014-4776
IBM License Metric Tool 9 prior to 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ibm License Metric Tool 9.0
Ibm License Metric Tool 9.0.1
Ibm License Metric Tool 9.1.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »