Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-4724
IBM Cognos Analytics 11.0 and 11.1 could allow a remote malicious user to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.
Ibm Cognos Analytics 11.0.0
Ibm Cognos Analytics 11.1.0
Netapp Oncommand Insight -
NA
CVE-2008-3644
Apple Safari prior to 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
Apple Safari
Apple Safari 1.0
Apple Safari 1.3
Apple Safari 1.3.1
Apple Safari 2.0.3 417.9.3
Apple Safari 2.0.4
Apple Safari 3.0.2
Apple Safari 3.0.3
Apple Safari 3.1.1
Apple Safari 1.1
Apple Safari 0.8
Apple Safari 1.1.1
Apple Safari 1.2.1
Apple Safari 1.3.2
Apple Safari 2
Apple Safari 2.0.4 419.3
Apple Safari 2.0 Pre
Apple Safari 3.0.4
Apple Safari 1.0.3
Apple Safari 1.2
Apple Safari 1.2.4
Apple Safari 1.2.5
NA
CVE-2015-4418
Zoho NetFlow Analyzer build 10250 and previous versions does not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Zohocorp Manageengine Netflow Analyzer -
7.5
CVSSv3
CVE-2019-4723
IBM Cognos Analytics 11.0 and 11.1 could allow a remote malicious user to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
Ibm Cognos Analytics 11.0.0
Ibm Cognos Analytics 11.1.0
Netapp Oncommand Insight -
NA
CVE-2012-2012
HP System Management Homepage (SMH) prior to 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Hp System Management Homepage 6.3.1
Hp System Management Homepage 2.1.12-118
Hp System Management Homepage 2.1.8-177
Hp System Management Homepage 2.1.6-156
Hp System Management Homepage 6.0.0.96
Hp System Management Homepage 6.0
Hp System Management Homepage 3.0.1-73
Hp System Management Homepage 2.1.5
Hp System Management Homepage 2.0.1.104
Hp System Management Homepage 2.1.9
Hp System Management Homepage 2.1.2.127
Hp System Management Homepage 2.0.1
Hp System Management Homepage 2.0.0
Hp System Management Homepage 2.1.3.132
Hp System Management Homepage 6.1.0.102
Hp System Management Homepage 2.1.15.210
Hp System Management Homepage 6.2.0
Hp System Management Homepage 2.1.3
Hp System Management Homepage 6.3.0
Hp System Management Homepage 2.1.2
Hp System Management Homepage 2.1.4-143
Hp System Management Homepage 2.1.2-127
NA
CVE-2011-4278
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x prior to 1.9.11 and 2.0.x prior to 2.0.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 2.0.1
Moodle Moodle 1.9.2
Moodle Moodle 1.9.10
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
Moodle Moodle 2.0.0
NA
CVE-2011-2155
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation.
Smartertools Smarterstats 6.0
NA
CVE-2011-1661
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote malicious users to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
Nicholas Thompson Node Quick Find 6.x-1.1
NA
CVE-2009-4520
The CCK Comment Reference module 5.x prior to 5.x-1.2 and 6.x prior to 6.x-1.3, a module for Drupal, allows remote malicious users to bypass intended access restrictions and read comments by using the autocomplete path.
Kristof De Jaeger Commentreference
Kristof De Jaeger Commentreference 5.x-1.x-dev
Kristof De Jaeger Commentreference 6.x-1.1
Kristof De Jaeger Commentreference 6.x-1.0
Kristof De Jaeger Commentreference 6.x-1.x-dev
Kristof De Jaeger Commentreference 5.x-1.0
NA
CVE-2012-4589
Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) prior to 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Mcafee Enterprise Mobility Manager 4.7
Mcafee Enterprise Mobility Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »