Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4832
Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote malicious...
Ibm Infosphere Information Server 8.1
Ibm Infosphere Information Server 8.5
Ibm Infosphere Information Server 8.5.0.1
Ibm Infosphere Information Server 8.5.0.2
Ibm Infosphere Information Server 8.7
Ibm Infosphere Business Glossary 8.1.1
Ibm Infosphere Business Glossary 8.1.2
8.8
CVSSv3
CVE-2019-15701
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote malicious users to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import d...
Bloodhound Project Bloodhound 2.2.0
NA
CVE-2007-4363
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) prior to 4.7.x-1.6, and 5.x prior to 5.x-1.6 ,allow remote malicious users to inject arbitrary web script or HTML via nodereference fields, when using (1) the ...
Drupal Content Construction Kit 4.7
Drupal Content Construction Kit 5.2
8.5
CVSSv3
CVE-2015-7928
eWON devices with firmware prior to 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ewon Ewon Firmware
NA
CVE-2024-2279
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 prior to 16.9.4, all versions starting from 16.10 prior to 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to ...
5.4
CVSSv3
CVE-2022-25349
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be ex...
Materializecss Materialize
9.8
CVSSv3
CVE-2023-26443
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly ...
Open-xchange Open-xchange Appsuite Backend
NA
CVE-2013-4025
IBM Data Studio Web Console 3.x prior to 3.2, Optim Performance Manager 5.x prior to 5.2, InfoSphere Optim Configuration Manager 2.x prior to 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote ...
Ibm Infosphere Optim Configuration Manager 2.1
Ibm Data Studio Web Console 3.1.0
Ibm Db2 Recovery Expert 2.0
Ibm Infosphere Optim Configuration Manager 2.0
Ibm Optim Performance Manager 5.1.0
NA
CVE-2010-1548
The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x prior to 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=c...
Chaos Tool Suite Project Ctools 6.x-1.3
Chaos Tool Suite Project Ctools 6.x-1.0
Chaos Tool Suite Project Ctools 6.x-1.x
Chaos Tool Suite Project Ctools 6.x-1.2
Chaos Tool Suite Project Ctools 6.x-1.1
9.8
CVSSv3
CVE-2020-5211
In NetHack prior to 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid ...
Nethack Nethack
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »