autocomplete vulnerabilities and exploits
6.1
CVSSv3
CVE-2019-12932
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.
Seeddms Seeddms 5.1.11
NA
CVE-2012-0680
Apple Safari prior to 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote malicious users to bypass authentication by leveraging an unattended workstation.
Apple Safari 3.0.1
Apple Safari 3.1.1b
Apple Safari 4.0.0b
Apple Safari 4.0
Apple Safari 2.0.3
Apple Safari 2.0.4
Apple Safari 1.2.4
Apple Safari 1.2.5
Apple Safari 3.2.0b
Apple Safari 3.1.2b
Apple Safari 3
Apple Safari 1.1.1
Apple Safari 4.0.1
Apple Safari 2.0.1
Apple Safari 2.0.2
Apple Safari 1.2.2
Apple Safari 1.2.3
Apple Safari 1.0
Apple Safari 1.0.3
Apple Safari 1.3.2
Apple Safari 5.0.5
Apple Safari 1.3.0
4.3
CVSSv3
CVE-2017-2609
Jenkins prior to 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have...
Jenkins Jenkins
5.5
CVSSv3
CVE-2021-39045
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local malicious user to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345.
Ibm Cognos Analytics 11.1.7
Ibm Cognos Analytics
Netapp Oncommand Insight -
NA
CVE-2011-4677
One Click Orgs prior to 1.2.3 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Oneclickorgs One Click Orgs 1.1.0
Oneclickorgs One Click Orgs 1.0.0
Oneclickorgs One Click Orgs
Oneclickorgs One Click Orgs 1.2.1
Oneclickorgs One Click Orgs 1.2.0
Oneclickorgs One Click Orgs 1.1.1
Oneclickorgs One Click Orgs 1.0.1
NA
CVE-2009-5100
Pentaho BI Server 1.7.0.1062 and previous versions do not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate malicious users to obtain the password.
Pentaho Bi Server 1.2.0
Pentaho Bi Server 1.6.0
Pentaho Bi Server
NA
CVE-2013-2047
The login page (aka index.php) in ownCloud prior to 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate malicious users to guess the password.
Owncloud Owncloud 5.0.0
Owncloud Owncloud
Owncloud Owncloud 5.0.1
Owncloud Owncloud 5.0.2
Owncloud Owncloud 5.0.3
Owncloud Owncloud 5.0.4
NA
CVE-2012-1638
SQL injection vulnerability in the Search Autocomplete module prior to 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors.
Dominique Clause Search Autocomplete
Dominique Clause Search Autocomplete 7.x-1.0
Dominique Clause Search Autocomplete 6.x-2.3
Dominique Clause Search Autocomplete 6.x-2.2
Dominique Clause Search Autocomplete 6.x-1.0
Dominique Clause Search Autocomplete 5.x-1.0
Dominique Clause Search Autocomplete 6.x-2.0
Dominique Clause Search Autocomplete 5.x-1.x
Dominique Clause Search Autocomplete 6.x-2.1
NA
CVE-2014-8524
McAfee Network Data Loss Prevention (NDLP) prior to 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote malicious users to obtain sensitive information via unspecified vectors.
Mcafee Network Data Loss Prevention 9.2.1
Mcafee Network Data Loss Prevention 8.6
Mcafee Network Data Loss Prevention
Mcafee Network Data Loss Prevention 9.2.0
NA
CVE-2014-4776
IBM License Metric Tool 9 prior to 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ibm License Metric Tool 9.0
Ibm License Metric Tool 9.0.1
Ibm License Metric Tool 9.1.0.1