Request Tracker -- information exposure vulnerability
Request Tracker reports: CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, eve...
CVE-2023-40537
An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2023-40537
CVE-2023-40537 affects BIG-IP on multi-blade VIPRION: an authenticated user’s session cookie may remain valid briefly after logout, enabling potential reuse to access management interfaces and execute commands. The vulnerability is limited to VIPRION multi-blade configurations and does not affect...
CVE-2023-35857
In Siren Investigate before 13.2.2, session keys remain active even after logging out...
CVE-2023-35857
CVE-2023-35857 affects Siren Investigate prior to 13.2.2. The issue is that session keys remain active after logout, enabling potential unauthorized access to user sessions. The CVSS v3.1 score is 9.8 (CRITICAL) with network attack vector, no privileges required, and no user interaction. Affected...
RosarioSIS improper access control vulnerability
RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information (PII) and sensitive information even after logging out of the application by using the browser's back button...
phpmyfaq -- CSRF vulnerability
phpMyFAQ developers report: phpMyFAQ does not implement sufficient checks to avoid CSRF when logging out a user...
Improper Authentication
Moodle has an improper authentication issue. The vulnerability exists in the logoutdbsession function in helper.php, where a session hijack risk was identified in the Shibboleth authentication plugin: sessions weren't killed after the user logged out...
CVE-2022-35728 iControl REST vulnerability
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging...
CVE-2022-22283
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App...
TaleLin Lin-CMS-Flask Access Control Error Vulnerability
TaleLin Lin-CMS-Flask is a content management system framework. An access control error vulnerability exists in TaleLin Lin-CMS-Flask, stemming from incorrect access control in Lin-CMS-Flask v0.1.1, which could be exploited by an attacker to obtain sensitive information and/or because the...
Insecure Session Management
october/rain uses insecure session management. Lack of proper validation of the session ID at logout allows an attacker with an old, invalid session ID to bypass the intended Auth/Manager.php authentication behavior during a new login...
CVE-2020-12626
Roundcube Webmail CVE-2020-12626 is a CSRF vulnerability where an attacker can cause an authenticated user to be logged out by abusing POST requests. The issue arises from incorrect handling of login/logout POSTs and is documented across multiple connected sources, including D...
Insecure Logout
intercom-rails is vulnerable to insecure logout. The library does not delete cookies when a user logs out, meaning that users aren't properly signed out, allowing a malicious user to access the system as a different user...
When a 'Hacker News' Reader Tricked Me into visiting this Amazing Site (Don't Click at Work)
My usual bedtime routine is to check the comments under my articles before I go to sleep. I was doing the same last night, but something weird happened to me. Someone posted a mysterious short link without any text below one of my articles on our official 'The Hacker News' Facebook Page, and with the...
Localize: Business logic Failure - Browser cache management and logout vulnerability.
Vulnerability class: Business logic failure - browser cache management and logout vulnerability. Vulnerability impact: Logging out from an application does not clear the browser cache of any sensitive information that has been stored. Steps to reproduce: 1. Log in to the portal. 2. Browse a few tabs. 3...
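The entries above fall into three recurring logout failures: the server-side session (or REST token) stays valid after logout (Siren Investigate, Moodle Shibboleth, BIG-IP, intercom-rails), logout can be forced or bypassed via CSRF or an unvalidated session ID (phpMyFAQ, Roundcube, october/rain), and authenticated pages stay in the browser cache after logout (Request Tracker, RosarioSIS, Localize). The following is an added example, not code from any of the listed projects, showing a minimal server-side session store that closes all three gaps together; the `SessionStore` class, `SESSION_TTL`, the cookie name `session`, and the `insecure_logout_cookie_only` helper are illustrative names chosen for this example.

```python
"""Added example: a logout that actually ends the session.

Three properties the advisories on this page show being violated:
  1. logout destroys the server-side record, so a captured session ID
     (or a browser 'back' button) cannot be replayed afterwards;
  2. logout is a state-changing action and therefore requires the
     session's CSRF token, so a third-party page cannot force it;
  3. authenticated responses carry Cache-Control: no-store so the
     browser does not keep ticket/PII pages after logout.
All names here are chosen for the example (hypothetical)."""
import hmac
import secrets
import time

SESSION_TTL = 3600  # seconds; arbitrary value assumed for the example


class SessionStore:
    """In-memory store keyed by an unguessable session ID (hypothetical)."""

    def __init__(self):
        # session_id -> {"user": str, "csrf": str, "expires": float}
        self._sessions = {}

    def login(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "csrf": secrets.token_urlsafe(32),  # per-session anti-CSRF token
            "expires": now + SESSION_TTL,
        }
        return sid

    def authenticate(self, sid, now=None):
        """Return the user bound to a live session, else None.

        Expired or unknown IDs are dropped; an old, already-invalid ID is
        never accepted as proof of anything (the october/rain failure)."""
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None or rec["expires"] <= now:
            self._sessions.pop(sid, None)
            return None
        return rec["user"]

    def csrf_token(self, sid):
        rec = self._sessions.get(sid)
        return rec["csrf"] if rec else None

    def logout(self, sid, csrf_token):
        """Destroy the server-side session, but only when the request
        carries the session's CSRF token (blocks forced-logout CSRF).
        Returns True if a session was destroyed."""
        rec = self._sessions.get(sid)
        if rec is None:
            return False
        if not hmac.compare_digest(rec["csrf"], csrf_token or ""):
            return False
        del self._sessions[sid]  # the cookie alone is not enough; kill the record
        return True


def insecure_logout_cookie_only(store, sid):
    """Deliberately wrong variant for contrast: clears the browser cookie
    but leaves the server record alive, so the old ID still authenticates.
    This is the pattern behind the intercom-rails / Siren-style findings."""
    del store, sid  # nothing is changed server-side
    return logout_cookie_header()


def logout_cookie_header():
    """Set-Cookie value that expires the session cookie in the browser."""
    return "session=; Max-Age=0; Path=/; Secure; HttpOnly; SameSite=Lax"


def sensitive_page_headers():
    """Headers for any authenticated response so it is not cached and
    cannot be re-shown via the back button after logout."""
    return {
        "Cache-Control": "no-store, max-age=0",
        "Pragma": "no-cache",  # for HTTP/1.0 caches
        "Expires": "0",
    }


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("alice", now=1000.0)
    assert store.logout(sid, "") is False            # CSRF-less logout rejected
    assert store.logout(sid, store.csrf_token(sid))  # real logout succeeds
    assert store.authenticate(sid, now=1001.0) is None  # replay of old ID fails
    print("logout invalidated the server-side session")
```

A framework port of this is mechanical: the CSRF check and the server-side delete go in the logout handler, the `Set-Cookie` value accompanies the logout response, and `sensitive_page_headers()` is applied by middleware to every authenticated response rather than per page.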