Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
autocomplete vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4776
IBM License Metric Tool 9 prior to 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ibm License Metric Tool 9.0
Ibm License Metric Tool 9.0.1
Ibm License Metric Tool 9.1.0.1
7.5
CVSSv3
CVE-2019-4723
IBM Cognos Analytics 11.0 and 11.1 could allow a remote malicious user to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
Ibm Cognos Analytics 11.0.0
Ibm Cognos Analytics 11.1.0
Netapp Oncommand Insight -
NA
CVE-2012-2012
HP System Management Homepage (SMH) prior to 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Hp System Management Homepage 6.3.1
Hp System Management Homepage 2.1.12-118
Hp System Management Homepage 2.1.8-177
Hp System Management Homepage 2.1.6-156
Hp System Management Homepage 6.0.0.96
Hp System Management Homepage 6.0
Hp System Management Homepage 3.0.1-73
Hp System Management Homepage 2.1.5
Hp System Management Homepage 2.0.1.104
Hp System Management Homepage 2.1.9
Hp System Management Homepage 2.1.2.127
Hp System Management Homepage 2.0.1
Hp System Management Homepage 2.0.0
Hp System Management Homepage 2.1.3.132
Hp System Management Homepage 6.1.0.102
Hp System Management Homepage 2.1.15.210
Hp System Management Homepage 6.2.0
Hp System Management Homepage 2.1.3
Hp System Management Homepage 6.3.0
Hp System Management Homepage 2.1.2
Hp System Management Homepage 2.1.4-143
Hp System Management Homepage 2.1.2-127
NA
CVE-2008-3644
Apple Safari prior to 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
Apple Safari
Apple Safari 1.0
Apple Safari 1.3
Apple Safari 1.3.1
Apple Safari 2.0.3 417.9.3
Apple Safari 2.0.4
Apple Safari 3.0.2
Apple Safari 3.0.3
Apple Safari 3.1.1
Apple Safari 1.1
Apple Safari 0.8
Apple Safari 1.1.1
Apple Safari 1.2.1
Apple Safari 1.3.2
Apple Safari 2
Apple Safari 2.0.4 419.3
Apple Safari 2.0 Pre
Apple Safari 3.0.4
Apple Safari 1.0.3
Apple Safari 1.2
Apple Safari 1.2.4
Apple Safari 1.2.5
NA
CVE-2015-4418
Zoho NetFlow Analyzer build 10250 and previous versions does not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Zohocorp Manageengine Netflow Analyzer -
NA
CVE-2011-4278
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x prior to 1.9.11 and 2.0.x prior to 2.0.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 2.0.1
Moodle Moodle 1.9.2
Moodle Moodle 1.9.10
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
Moodle Moodle 2.0.0
NA
CVE-2011-2155
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation.
Smartertools Smarterstats 6.0
NA
CVE-2011-1661
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote malicious users to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
Nicholas Thompson Node Quick Find 6.x-1.1
NA
CVE-2010-4569
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote malicious users to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 4.0
NA
CVE-2012-4589
Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) prior to 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Mcafee Enterprise Mobility Manager 4.7
Mcafee Enterprise Mobility Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »