CVE-2013-7347

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...

CVE-2013-7347

CVE-2013-7347 affects Luci in Red Hat Conga, where user session timeout is not properly enforced. This could allow an attacker to gain access to an active session by reading the __ac session cookie. The issue is split from CVE-2012-3359, which covers base64-encoded storage of user credentials in ...

CVE-2014-0633

The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation...

CVE-2014-0633

EMC VPLEX GeoSynchrony GUI has a session-timeout validation flaw in versions 4.x and 5.x prior to 5.3, which could allow remote attackers to execute arbitrary code by leveraging an unattended workstation. The issue affects VPLEX GeoSynchrony 4.0–5.2.1, with EMC recommending upgrading to version 5...

CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

Design/Logic Flaw

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

CVE-2013-4958

Puppet Enterprise prior to version 3.0.1 is affected by CVE-2013-4958 due to not using a session timeout. This enables a local attacker with an unattended workstation to escalate privileges. The issue is described across multiple advisories (Red Hat, SUSE, Ubuntu, Debian, CVE lists) with the same...

CVE-2013-4958

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...

CVE-2013-0527

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation...

Design/Logic Flaw

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation...

CVE-2013-0527

The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not close pages upon the timeout of a session, which allows physically proximate attackers to obtain sensitive administrative-console information by reading the screen of an unattended workstation...

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

Increase the web session timeout from 60 minutes to 300 minutes

Usability and security testing have shown that XSRF time out is annoying people in the wild. The security guy Vitaly has ok'ed the limit to be increased. This has been done on trunk along with other changes and should be done on 4.3 branch as well...

FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities

Hi all; It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. As always, we highly...

Fedora 9 : phpMyAdmin-3.0.1.1-1.fc9 (2008-9316)

This update by upstream to phpMyAdmin 3.0.1.1 solves CVE-2008-4775, a XSS issue in pmdpdf.php via db parameter when registerglobals is enabled. - GUI SQL error after sorting a subset - lang Catalan update - lang Russian update - import Temporary uploaded file not deleted - auth Cannot create...

Fedora 8 : phpMyAdmin-3.0.1.1-1.fc8 (2008-9336)

This update by upstream to phpMyAdmin 3.0.1.1 solves CVE-2008-4775, a XSS issue in pmdpdf.php via db parameter when registerglobals is enabled. - GUI SQL error after sorting a subset - lang Catalan update - lang Russian update - import Temporary uploaded file not deleted - auth Cannot create...