9 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-34007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF. CVE-2024-34007 Note that...
CVE-2015-8082
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the userlogout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...
REDCap 安全漏洞
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6, which stems from a lack of CSRF protection for the logout feature, which allows an attacker to send a CSV file to the victim to view uploaded data...
PT-2024-36781 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions 14.9.6 and earlier REDCap versions up to 15.0.0 Description: The issue stems from the absence of Cross-Site Request Forgery CSRF protections on the logout functionality in the Project Dashboards name, allowing malicious action...
PT-2024-37046 · Unknown · Password Pusher
Name of the Vulnerable Software and Affected Versions: Password Pusher versions 1.50.3 and prior Description: A vulnerability has been reported in Password Pusher where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session tok...
CVE-2015-8082
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the userlogout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...
Authentication flaw
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the userlogout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...
CVE-2015-8082
The CVE-2015-8082 issue affects Drupal’s Login Disable module (versions 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2). The root cause is improper loading of the user_logout function, allowing remote attackers to bypass the module’s logout protection when a contributed authentication module (...
CVE-2015-8082
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the userlogout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...