Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1973
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values...
Autocomplete Widgets Project Autocomplete Widgets 7.x-1.x
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.1
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.2
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.3
Autocomplete Widgets Project Autocomplete Widgets 6.x-1.0
NA
CVE-2012-6645
Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x prior to 6.x-1.26, 7.x-1.x, and 7.x-2.x prior to 7.x-2.0-alpha8 for Drupal allows remote malicious users to inject arbitrary web script or HTML via the title of a node, a diffe...
Danielb Finder 7.x-2.0
Danielb Finder 7.x-1.3
Danielb Finder 7.x-1.4
Danielb Finder 6.x-1.0
Danielb Finder 6.x-1.1
Danielb Finder 6.x-1.10
Danielb Finder 6.x-1.18
Danielb Finder 6.x-1.19
Danielb Finder 6.x-1.4
Danielb Finder 6.x-1.5
Danielb Finder 7.x-1.5
Danielb Finder 7.x-1.6
Danielb Finder 6.x-1.11
Danielb Finder 6.x-1.12
Danielb Finder 6.x-1.13
Danielb Finder 6.x-1.24
Danielb Finder 6.x-1.23
Danielb Finder 6.x-1.9
Danielb Finder 6.x-1.8
Danielb Finder 7.x-2.x
Danielb Finder 7.x-1.0
Danielb Finder 7.x-1.x
NA
CVE-2013-2047
The login page (aka index.php) in ownCloud prior to 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate malicious users to guess the password.
Owncloud Owncloud 5.0.0
Owncloud Owncloud
Owncloud Owncloud 5.0.1
Owncloud Owncloud 5.0.2
Owncloud Owncloud 5.0.3
Owncloud Owncloud 5.0.4
NA
CVE-2013-6742
The Meeting Server in IBM Sametime 8.5.2 up to and including 8.5.2.1 and 9.x up to and including 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ibm Sametime 8.5.2.1
Ibm Sametime 9.0.0.0
Ibm Sametime 9.0.0.1
Ibm Sametime 8.5.2.0
NA
CVE-2013-4025
IBM Data Studio Web Console 3.x prior to 3.2, Optim Performance Manager 5.x prior to 5.2, InfoSphere Optim Configuration Manager 2.x prior to 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote ...
Ibm Infosphere Optim Configuration Manager 2.1
Ibm Data Studio Web Console 3.1.0
Ibm Db2 Recovery Expert 2.0
Ibm Infosphere Optim Configuration Manager 2.0
Ibm Optim Performance Manager 5.1.0
NA
CVE-2013-1925
The Chaos Tool Suite (ctools) module 7.x-1.x prior to 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.
Chaos Tool Suite Project Ctools 7.x-1.0
Chaos Tool Suite Project Ctools 7.x-1.1
Chaos Tool Suite Project Ctools 7.x-1.2
Chaos Tool Suite Project Ctools 7.x-1.x
NA
CVE-2013-4091
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote malicious users to obtain access by ...
Imperva Securesphere 9.0.0.5
1 EDB exploit
NA
CVE-2012-6573
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x prior to 6.x-1.4 and 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors involving autocomplete results.
Alejandro Garza Apachesolr Autocomplete 6.x-1.3
Alejandro Garza Apachesolr Autocomplete 6.x-1.x
Alejandro Garza Apachesolr Autocomplete 7.x-1.x
Alejandro Garza Apachesolr Autocomplete 6.x-1.0
Alejandro Garza Apachesolr Autocomplete 6.x-1.1
Alejandro Garza Apachesolr Autocomplete 6.x-1.2
Alejandro Garza Apachesolr Autocomplete 7.x-1.0
Alejandro Garza Apachesolr Autocomplete 7.x-1.1
Alejandro Garza Apachesolr Autocomplete 7.x-1.2
NA
CVE-2013-4634
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension prior to 0.0.9 for TYPO3 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Raphael Zschorsch Rzautocomplete 0.0.2
Raphael Zschorsch Rzautocomplete 0.0.7
Raphael Zschorsch Rzautocomplete 0.0.8
Raphael Zschorsch Rzautocomplete 0.0.5
Raphael Zschorsch Rzautocomplete 0.0.6
Raphael Zschorsch Rzautocomplete 0.0.3
Raphael Zschorsch Rzautocomplete 0.0.4
NA
CVE-2013-0317
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x prior to 7.x-2.1 for Drupal might allow remote malicious users to inject arbitrary web script or HTML via the username in the new manager autocomplete field.
Joe Haskins Og Manager Change 7.x-2.x
Joe Haskins Og Manager Change 7.x-2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »