Lucene search

95 matches found

CVE
added 2017/07/29 5:0 a.m., 44 views

CVE-2017-11725

CVE-2017-11725 affects IBM Security Secret Server (Thycotic Secret Server) prior to 10.2.000019. The vulnerability resides in the share function where the Back Button is mishandled, causing unintended redirections (open redirect-like behavior) and potential user confusion or credential exposure r...

5.8 CVSS | 7.3 AI score | 0.00567 EPSS
Exploits 0 | References 1 | Affected Software 1
The Hacker News
added 2017/07/10 9:23 p.m., 10 views

Google Silently Adds 'Panic Detection Mode' to Android 7.1 – How It's Useful

How often do you click the 'back' or the 'Home' button on your mobile device to exit an application immediately? I believe, several times in a single day because a large number of apps do not have an exit button to directly force-close them instead of going back and back and back until they exit...

7 AI score
Exploits 0
Hacker One
added 2016/03/24 8:4 a.m., 9 views

Uber: Session retention is present which reveals the customer info

Issue: Session retention is present at partner.uber.com which reveals all sensitive data. Steps to reproduce: 1. Login to partner.uber.com under any driver profile 2. navigate to summary page or any page e.g. payment page 3. logout the application 4. press back button of the application application reveal...

1.6 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

WordPress WP-Predict Plugin 1.0 - Blind SQL Injection

No description provided by source. Exploit Title: WordPress WP-Predict v1.0 Blind SQL Injection Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.pootlepress.co.uk/ Software Link: http://downloads.wordpress.org/plugin/wp-predict.zip Version: 1.0 =====================...

7.1 AI score
Exploits 0
Hacker One
added 2014/04/17 8:0 p.m., 59 views

Localize: Business logic Failure - Browser cache management and logout vulnerability.

Vulnerability class: Business logic Failure - Browser cache management and logout vulnerability. Vulnerability impact: Logging out from an application does not clear the browser cache of any sensitive information that has been stored. Steps to reproduce: 1. Login to portal. 2. browse few tabs 3...

1.6 AI score
Exploits 0
NVD
added 2014/02/22 9:55 p.m., 13 views

CVE-2014-0861

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is no...

3.5 CVSS | 5.6 AI score | 0.01089 EPSS
Exploits 0 | References 1
Prion
added 2014/02/22 9:55 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is no...

3.5 CVSS | 6 AI score | 0.01089 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2014/02/22 9:0 p.m., 15 views

CVE-2014-0861

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is no...

5.6 AI score | 0.01089 EPSS
Exploits 0 | References 1
exploitpack
added 2012/07/10 12:0 a.m., 11 views

WordPress Plugin WP-Predict 1.0 - Blind SQL Injection

WordPress Plugin WP-Predict 1.0 - Blind SQL Injection Exploit Title: WordPress WP-Predict v1.0 Blind SQL Injection Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.pootlepress.co.uk/ Software Link: http://downloads.wordpress.org/plugin/wp-predict.zip Version: 1.0...

0.1 AI score
Exploits 0
RedHat Linux
added 2009/02/04 8:59 a.m., 1 views

Firefox directives to not cache pages ignored

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an...

3.3 CVSS | 7.4 AI score | 0.00521 EPSS
Exploits 0 | References 4
CVE
added 2005/06/28 4:0 a.m., 44 views

CVE-2002-1849

ParaChat Server 4.0 is affected: it does not log users off if the browser back button is used, allowing remote attackers to cause a denial of service by repeatedly logging into a chat room, pressing back, and re-logging as a different user, which can fill the room with invalid users. Root cause: ...

5 CVSS | 7 AI score | 0.02539 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2005/06/28 4:0 a.m., 22 views

CVE-2002-1849

ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with...

6.6 AI score | 0.02539 EPSS
Exploits 1 | References 3
Cvelist
added 2005/06/21 4:0 a.m., 18 views

CVE-2002-1688

The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button...

7.2 AI score | 0.17465 EPSS
Exploits 1 | References 3
NVD
added 2002/12/31 5:0 a.m., 21 views

CVE-2002-1849

ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with...

5 CVSS | 6.6 AI score | 0.02539 EPSS
Exploits 1 | References 3
securityvulns
added 2002/04/15 12:0 a.m., 45 views

Using the backbutton in IE is dangerous

Title: Using the backbutton in IE is dangerous. Date: 2002-04-15 Software: At least Internet Explorer 6.0. Tested env: Windows 2000 pro, XP. Rating: Medium because user interaction is needed. Impact: Read cookies/local files and...

6.6 AI score
Exploits 0