14 matches found
EUVD-2017-6016
Malware in sbrugna...
EUVD-2008-7199
Malware in sbrugna...
EUVD-2023-51960
Malicious code in bioql PyPI...
CVE-2023-47870
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out. This issue affects wpForo Forum: from n/a through 2.2.6...
CVE-2008-7241
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout...
CVE-2023-47870
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out. This issue affects wpForo Forum: from n/a through 2.2.6...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out. This issue affects wpForo Forum: from n/a through 2.2.6...
Forced Logout
Overview: Versions of keycloak-connect prior to 4.4.0 are vulnerable to Forced Logout. The package fails to validate JWT signatures on the /klogout route, allowing attackers to logout users and craft malicious JWTs with NBF values that prevent user access indefinitely. Recommendation: Upgrade to...
GHSA-68HW-VFH7-XVG8 Forced Logout in keycloak-connect
Versions of keycloak-connect prior to 4.4.0 are vulnerable to Forced Logout. The package fails to validate JWT signatures on the /klogout route, allowing attackers to logout users and craft malicious JWTs with NBF values that prevent user access indefinitely. Recommendation: Upgrade to version 4.4...
Forced Logout in keycloak-connect
Versions of keycloak-connect prior to 4.4.0 are vulnerable to Forced Logout. The package fails to validate JWT signatures on the /klogout route, allowing attackers to logout users and craft malicious JWTs with NBF values that prevent user access indefinitely. Recommendation: Upgrade to version 4.4...
Rapid7 Cross-Site Request Forgery Vulnerability
Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site request forgery vulnerability exists in the Web UI in versions prior to Rapid7 Metasploit 4.14.1-20170828. A remote attacker could exploit this vulnerability to cause a denial of service forc...
CVE-2017-14515
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout...
CVE-1999-0355
CVE-1999-0355 affects ControlIT 4.5, where local or remote users can force a reboot or log out, causing a denial of service. The PT-1999-1044 entry confirms affected software and the DoS behavior but does not provide a fix or patched version in the supplied materials. No exploitation details or i...