autocomplete vulnerabilities and exploits
7.5
CVSSv2
CVE-2013-4091
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote malicious users to obtain access by ...
Imperva Securesphere 9.0.0.5
1 EDB exploit
5
CVSSv2
CVE-2011-2759
The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 prior to 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by leverag...
Ibm Tivoli Directory Server 6.2
Ibm Tivoli Directory Server 6.2.0.0
Ibm Tivoli Directory Server 6.2.0.1
Ibm Tivoli Directory Server 6.2.0.2
3.5
CVSSv2
CVE-2018-3764
In Nextcloud Contacts prior to 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged u...
Nextcloud Contacts
5
CVSSv2
CVE-2010-2353
The Node Reference module in Content Construction Kit (CCK) module 6.x prior to 6.x-2.7 for Drupal does not perform access checks for the source field in the backend URL for the autocomplete widget, which allows remote malicious users to discover titles and IDs of controlled node...
Yves Chedemois Cck 6.x-2.6
Yves Chedemois Cck 6.x-2.5
Yves Chedemois Cck 6.x-2.0
Yves Chedemois Cck 6.x-2.1
Yves Chedemois Cck 6.x-2.3
Yves Chedemois Cck 6.x-2.2
Yves Chedemois Cck 6.x-1.x-dev
Yves Chedemois Cck 6.x-2.4
Yves Chedemois Cck 6.x-3.x-dev
Yves Chedemois Cck 6.x-2.x-dev
Yves Chedemois Cck 6.x-1.0-alpha
4.3
CVSSv2
CVE-2015-4375
The Chaos tool suite (ctools) module 7.x-1.x prior to 7.x-1.7 for Drupal allows remote malicious users to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity.
Chaos Tool Suite Project Ctools 7.x-1.6
Chaos Tool Suite Project Ctools 7.x-1.1
Chaos Tool Suite Project Ctools 7.x-1.0
Chaos Tool Suite Project Ctools 7.x-1.4
Chaos Tool Suite Project Ctools 7.x-1.2
Chaos Tool Suite Project Ctools 7.x-1.5
Chaos Tool Suite Project Ctools 7.x-1.3
10
CVSSv2
CVE-2011-4730
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as dem...
Parallels Parallels Plesk Panel 10.2.0 Build1011110331.18
10
CVSSv2
CVE-2011-4739
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation, as demonstrated by fo...
Parallels Parallels Plesk Panel 10.2.0 Build20110407.20
4.3
CVSSv2
CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI prior to 1.10.0 allows remote malicious users to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the aut...
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Hpc Node 7.0
Jqueryui Jquery Ui 1.10.0
3.5
CVSSv2
CVE-2018-3763
In Nextcloud Calendar prior to 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by pr...
Nextcloud Calendar
Nextcloud Calendar 1.6.0
NA
CVE-2023-30149
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or before 2.0.3 (for PrestaShop version 1.7), allows remote malicious users to execute arbitrary SQL commands via...
Ebewe City Autocomplete