Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1925
The Chaos Tool Suite (ctools) module 7.x-1.x prior to 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.
Chaos Tool Suite Project Ctools 7.x-1.0
Chaos Tool Suite Project Ctools 7.x-1.1
Chaos Tool Suite Project Ctools 7.x-1.2
Chaos Tool Suite Project Ctools 7.x-1.x
5.5
CVSSv3
CVE-2019-4444
IBM API Connect 2018.1 up to and including 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force I...
Ibm Api Connect
NA
CVE-2014-4450
The QuickType feature in the Keyboards subsystem in Apple iOS prior to 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for malicious users to discover credentials by reading credential values within unintended DOM input el...
Apple Iphone Os
NA
CVE-2011-4757
Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and cert...
Parallels Parallels Plesk Small Business Panel 10.2.0
NA
CVE-2014-4788
IBM Initiate Master Data Service 9.5 prior to 9.5.093013, 9.7 prior to 9.7.093013, 10.0 prior to 10.0.093013, and 10.1 prior to 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by ...
Ibm Initiate Master Data Service 10.1
Ibm Initiate Master Data Service 9.5
Ibm Initiate Master Data Service 9.7
Ibm Initiate Master Data Service 10.0
7.5
CVSSv3
CVE-2021-35527
Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows malicious user to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions.
Hitachienergy Esoms
NA
CVE-2011-4851
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as demonstrated by for...
Parallels Parallels Plesk Panel 10.4.4 Build20111103.18
NA
CVE-2012-2298
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x prior to 6.x-1.5 for Drupal allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks...
Nancy Wichmann Realname 6.x-1.0
Nancy Wichmann Realname 6.x-1.1
Nancy Wichmann Realname 6.x-1.3
Drupal Realname 6.x-1.2
Nancy Wichmann Realname 6.x-1.x
Nancy Wichmann Realname 6.x-1.2
Nancy Wichmann Realname 6.x-1.4
NA
CVE-2013-0317
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x prior to 7.x-2.1 for Drupal might allow remote malicious users to inject arbitrary web script or HTML via the username in the new manager autocomplete field.
Joe Haskins Og Manager Change 7.x-2.x
Joe Haskins Og Manager Change 7.x-2.0
NA
CVE-2011-4749
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as demonstrated by...
Parallels Parallels Plesk Panel 10.3.1 Build1013110726.09
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »