Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4776
IBM License Metric Tool 9 prior to 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ibm License Metric Tool 9.0
Ibm License Metric Tool 9.0.1
Ibm License Metric Tool 9.1.0.1
7.5
CVSSv3
CVE-2019-4723
IBM Cognos Analytics 11.0 and 11.1 could allow a remote malicious user to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
Ibm Cognos Analytics 11.0.0
Ibm Cognos Analytics 11.1.0
Netapp Oncommand Insight -
NA
CVE-2012-2012
HP System Management Homepage (SMH) prior to 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Hp System Management Homepage 6.3.1
Hp System Management Homepage 2.1.12-118
Hp System Management Homepage 2.1.8-177
Hp System Management Homepage 2.1.6-156
Hp System Management Homepage 6.0.0.96
Hp System Management Homepage 6.0
Hp System Management Homepage 3.0.1-73
Hp System Management Homepage 2.1.5
Hp System Management Homepage 2.0.1.104
Hp System Management Homepage 2.1.9
Hp System Management Homepage 2.1.2.127
Hp System Management Homepage 2.0.1
Hp System Management Homepage 2.0.0
Hp System Management Homepage 2.1.3.132
Hp System Management Homepage 6.1.0.102
Hp System Management Homepage 2.1.15.210
Hp System Management Homepage 6.2.0
Hp System Management Homepage 2.1.3
Hp System Management Homepage 6.3.0
Hp System Management Homepage 2.1.2
Hp System Management Homepage 2.1.4-143
Hp System Management Homepage 2.1.2-127
NA
CVE-2015-4418
Zoho NetFlow Analyzer build 10250 and previous versions does not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Zohocorp Manageengine Netflow Analyzer -
NA
CVE-2008-3644
Apple Safari prior to 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
Apple Safari
Apple Safari 1.0
Apple Safari 1.3
Apple Safari 1.3.1
Apple Safari 2.0.3 417.9.3
Apple Safari 2.0.4
Apple Safari 3.0.2
Apple Safari 3.0.3
Apple Safari 3.1.1
Apple Safari 1.1
Apple Safari 0.8
Apple Safari 1.1.1
Apple Safari 1.2.1
Apple Safari 1.3.2
Apple Safari 2
Apple Safari 2.0.4 419.3
Apple Safari 2.0 Pre
Apple Safari 3.0.4
Apple Safari 1.0.3
Apple Safari 1.2
Apple Safari 1.2.4
Apple Safari 1.2.5
NA
CVE-2011-4278
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x prior to 1.9.11 and 2.0.x prior to 2.0.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 2.0.1
Moodle Moodle 1.9.2
Moodle Moodle 1.9.10
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
Moodle Moodle 2.0.0
NA
CVE-2011-2155
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation.
Smartertools Smarterstats 6.0
NA
CVE-2011-1661
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote malicious users to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
Nicholas Thompson Node Quick Find 6.x-1.1
4.3
CVSSv3
CVE-2017-5866
The autocomplete feature in the E-Mail share dialog in ownCloud Server prior to 8.1.11, 8.2.x prior to 8.2.9, 9.0.x prior to 9.0.7, and 9.1.x prior to 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.
Owncloud Owncloud 9.0.6
Owncloud Owncloud 8.2.5
Owncloud Owncloud 8.2.2
Owncloud Owncloud 8.2.3
Owncloud Owncloud 9.0.0
Owncloud Owncloud 9.1.1
Owncloud Owncloud 9.0.5
Owncloud Owncloud 8.2.4
Owncloud Owncloud 8.2.7
Owncloud Owncloud 9.0.2
Owncloud Owncloud
Owncloud Owncloud 9.0.3
Owncloud Owncloud 9.0.4
Owncloud Owncloud 8.2.0
Owncloud Owncloud 8.2.1
Owncloud Owncloud 9.0.1
Owncloud Owncloud 9.1.0
Owncloud Owncloud 9.1.2
Owncloud Owncloud 8.2.6
Owncloud Owncloud 8.2.8
NA
CVE-2012-4589
Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) prior to 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Mcafee Enterprise Mobility Manager 4.7
Mcafee Enterprise Mobility Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »