9 matches found

Tenable Nessus
added 2025/09/05 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-34007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF. CVE-2024-34007 Note that...

CVSS 8.8 · AI score 7.7 · EPSS 0.00314
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 9:24 a.m. · 8 views

CVE-2015-8082

The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...

CVSS 7.5 · AI score 7.4 · EPSS 0.01645
Exploits: 0 · References: 1

CNNVD
added 2025/01/10 12:0 a.m. · 5 views

REDCap Security Vulnerability

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6, which stems from a lack of CSRF protection for the logout feature, which allows an attacker to send a CSV file to the victim to view uploaded data...

CVSS 8.8 · AI score 6.7 · EPSS 0.00156
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/22 12:0 a.m. · 7 views

PT-2024-36781 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap versions 14.9.6 and earlier; REDCap versions up to 15.0.0. Description: The issue stems from the absence of Cross-Site Request Forgery (CSRF) protections on the logout functionality in the Project Dashboards name, allowing malicious action...

CVSS 8.8 · AI score 6.2 · EPSS 0.0024
Exploits: 1 · References: 11

Positive Technologies
added 2024/10/14 12:0 a.m. · 8 views

PT-2024-37046 · Unknown · Password Pusher

Name of the Vulnerable Software and Affected Versions: Password Pusher versions 1.50.3 and prior. Description: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session tok...

CVSS 5.9 · AI score 7.2 · EPSS 0.00209
Exploits: 0 · References: 10

NVD
added 2015/11/06 9:59 p.m. · 20 views

CVE-2015-8082

The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...

CVSS 7.5 · AI score 7 · EPSS 0.01645
Exploits: 0 · References: 5

Prion
added 2015/11/06 9:59 p.m. · 10 views

Authentication flaw

The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...

CVSS 7.5 · AI score 7.5 · EPSS 0.01645
Exploits: 0 · References: 5 · Affected Software: 1

CVE
added 2015/11/06 9:0 p.m. · 47 views

CVE-2015-8082

The CVE-2015-8082 issue affects Drupal’s Login Disable module (versions 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2). The root cause is improper loading of the user_logout function, allowing remote attackers to bypass the module’s logout protection when a contributed authentication module (...

CVSS 7.5 · AI score 7.2 · EPSS 0.01645
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2015/11/06 9:0 p.m. · 28 views

CVE-2015-8082

The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...

AI score 7 · EPSS 0.01645
Exploits: 0 · References: 5