28 matches found
UC Gateway Investment SiteEngine v5.0 - Open Redirect
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. id: CVE-2008-7269 info: name: UC Gateway Investment SiteEngine v5.0 - Open...
PT-2026-2834
The Perfit WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. This is due to missing authorization checks on the logout function called via the actions function hooked to admin_init. This makes it possible for unauthenticated...
CVE-2022-24332
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie...
CVE-2021-34370
Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information...
PT-2022-20302 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.36.12 Description: A Stored Cross Site Scripting XSS issue allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform...
IBM Cloud Pak for Business Automation Access Control Error Vulnerability
IBM Cloud Pak for Business Automation is a set of modular, integrated software components from International Business Machines Corporation IBM built for any hybrid cloud, designed to automate work and accelerate business growth.IBM Cloud Pak for Business Automation is vulnerable to an access...
CVE-2014-3590
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...
Cross site request forgery (csrf)
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...
D-Link DIR-629-B1 'weblogin_log' function buffer overflow vulnerability
The D-Link DIR-629-B1 is a router device from AUO D-Link. A security vulnerability exists in the 'weblogin_log' function in /htdocs/cgibin in the D-Link DIR-629-B1. An attacker can exploit this vulnerability by sending a session.cgi?ACTION=logout request with a long REMOTE_ADDR environment variable...
Design/Logic Flaw
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time e.g., "at least for a few minutes"...
CVE-2018-10990
The CVE-2018-10990 entry affects Arris Touchstone Telephony Gateway TG1682G (version 9.1.103J6). The vulnerability arises because a logout action does not immediately destroy all state related to the validity of the credential cookie, potentially allowing an attacker to retain access for some min...
bit.do XSS vulnerability
Open Bug Bounty ID: OBB-225943 Description| Value ---|--- Affected Website:| bit.do Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2016-4531
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2015-0993
Inductive Automation Ignition 7.7.2 is affected by CVE-2015-0993, where sessions are not terminated on logout, allowing a remote attacker to bypass access controls via an unattended workstation. Connected sources confirm Ignition is vulnerable in 7.7.x (notably
CVE-2013-3268
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors...
logout.action is not protected against XSRF - CVE-2012-6342
Cross-site request forgery CSRF vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators, for requests that logout the user via a comment...
logout.action is not protected against XSRF
This is a duplicate of CONF-21758. Please only resolve this ticket when CONF-21758 is fixed...
CVE-2008-7269
Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action...
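The entries above are variations on one theme: a logout action that redirects to an unchecked parameter (CVE-2008-7269), accepts a forged request because it has no CSRF token (CVE-2012-6342, CVE-2014-3590), or clears the browser cookie without destroying the server-side session or remember-me token (CVE-2015-0993, CVE-2016-4531, CVE-2018-10990, CVE-2022-24332). The following is an added example, not code from any product in this listing: a generic logout handler written in the vulnerable shape next to a hardened one, over an in-memory session store and a plain request dict. The `forward` parameter, the `session` and `remember_me` cookie names and the `_csrf` form field are assumed names for illustration.

```python
"""Vulnerable vs. hardened logout handler (added example, hypothetical app)."""
import hmac
import secrets
from urllib.parse import urlsplit

# Server-side state keyed by the random cookie values issued at login.
SESSIONS = {}          # session id -> {"user": ..., "csrf": ...}
REMEMBER_TOKENS = {}   # remember-me token -> user name


def login(user):
    """Assumed login flow: issue a session, a per-session CSRF token and a remember-me token."""
    sid = secrets.token_urlsafe(32)
    remember = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    REMEMBER_TOKENS[remember] = user
    return {"session": sid, "remember_me": remember}


def vulnerable_logout(request):
    """Reproduces the defects in the listing: any HTTP method, no CSRF token,
    an unchecked ``forward`` redirect, and only the browser cookie is cleared
    while the server-side session and the remember-me token stay valid."""
    return {
        "status": 302,
        "location": request.get("params", {}).get("forward", "/"),
        "set_cookie": {"session": ""},
    }


def safe_redirect_target(target, default="/"):
    """Accept only a local absolute path; anything else falls back to ``default``."""
    if not target:
        return default
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return default          # backslash host tricks, CR/LF header injection
    if not target.startswith("/") or target.startswith("//"):
        return default          # absolute URLs, "javascript:", scheme-relative "//host"
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default          # defence in depth against parser differences
    return target


def hardened_logout(request):
    """Closes every gap above: POST only, CSRF token bound to the session and
    compared in constant time, server-side invalidation of both the session
    and the remember-me token, cookies expired, redirect target validated."""
    if request.get("method") != "POST":
        return {"status": 405, "location": None, "set_cookie": {}}
    cookies = request.get("cookies", {})
    form = request.get("form", {})
    params = request.get("params", {})
    sid = cookies.get("session")
    session = SESSIONS.get(sid)
    if session is not None:
        # A missing or wrong token means the request was not made by our own form.
        if not hmac.compare_digest(form.get("_csrf", ""), session["csrf"]):
            return {"status": 403, "location": None, "set_cookie": {}}
        SESSIONS.pop(sid, None)                              # destroy server-side state
    REMEMBER_TOKENS.pop(cookies.get("remember_me"), None)    # and the long-lived token
    return {
        "status": 302,
        "location": safe_redirect_target(params.get("forward")),
        "set_cookie": {"session": "", "remember_me": ""},    # expire both cookies too
    }


if __name__ == "__main__":
    creds = login("alice")
    token = SESSIONS[creds["session"]]["csrf"]
    print(vulnerable_logout({"method": "GET", "params": {"forward": "https://evil.test/"}}))
    print(hardened_logout({"method": "POST", "cookies": creds,
                           "form": {"_csrf": token}, "params": {"forward": "//evil.test/"}}))
```

The check that matters most in practice is the one the CVE-2015-0993 and CVE-2016-4531 entries describe: after a correct logout, replaying the old session cookie against the server must fail, which is only true if the server-side record is gone, not merely the browser cookie.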