MediaWiki 1.34.0 URL Redirect Vulnerability - Windows
MediaWiki is prone to a URL redirect vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Shopify: Session works after logout from Shopify account and password of online store is displayed
When a user creates a Shopify Lite Plan account, in the product creation stage when the account has not been upgraded, the store's password is enabled such that any visitor who wants to access the store is required to enter a password before being granted access to view the products listed in the...
User content can redirect the logout button to different URL
More info at https://phabricator.wikimedia.org/T232932...
IBM Content Navigator Session Fixation Vulnerability
IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator version 3.0CD, which originates from a session remaining active after logout. An...
CVE-2020-4253
IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559...
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery Add Admin Description: Operator Can Change Role User Type to admin Date: 2020-02-26 Exploit Author: Meisam Monsef Vendor Homepage: https://www.bdtask.com/business-live-chat-software.php Version: V-1.0 Tested on: ubuntu...
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) Exploit
Exploit for php platform in category web applications Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery Add Admin Description: Operator Can Change Role User Type to admin Exploit Author: Meisam Monsef Vendor Homepage: https://www.bdtask.com/business-live-chat-software.ph...
CVE-2020-8952
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter...
CVE-2013-4792
PrestaShop before 1.4.11 allows logout CSRF...
Cross site request forgery (csrf)
PrestaShop before 1.4.11 allows logout CSRF...
CVE-2013-4792
CVE-2013-4792 affects PrestaShop up to version 1.4.11 (pre-1.4.11). The underlying issue is a CSRF on the logout action, enabling an attacker to cause a user to log out. The description does not provide exploit details or a confirmed exploit status. Remediation indicated by typical vulnerability ...
Linux: SSH LogLevel
INFO level is the basic level that only records login activity of SSH users. In many situations, such as Incident Response, it is important to determine when a particular user was active on a system. The logout record can eliminate those users who disconnected, which helps narrow the field. VERBO...
EulerOS Virtualization for ARM 64 3.0.5.0 : xorg-x11-server (EulerOS-SA-2020-1062)
According to the versions of the xorg-x11-server packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows...
CVE-2019-20077
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can log out the user using this vulnerability...
Cross site request forgery (csrf)
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can log out the user using this vulnerability...
CVE-2019-20077
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can log out the user using this vulnerability...
CVE-2019-20077
The vulnerability (CVE-2019-20077) affects Typesetter CMS 5.1 logout functionality where the admin panel logout is not protected by CSRF tokens. This CSRF weakness allows an attacker to trigger a logout of the authenticated user. The Red Hat and NVD entries corroborate this description across mul...
CVE-2014-3590
Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...
Cross site request forgery (csrf)
Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...
TeamViewer Information Disclosure Vulnerability
TeamViewer is a suite of software for remote control, desktop sharing and file transfer from the German company TeamViewer. A security vulnerability exists in the Chat feature in TeamViewer version 14.3.4730 Windows, which originates from the fact that after logging in, the program stores the...