CVE-2019-19362
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. The vendor states that it was later fixed. Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history but does not exit the...
Apache NiFi Code Issue Vulnerability
Apache NiFi is a data processing and distribution system from the American Apache Software Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A code issue vulnerability exists in Apache NiFi versions 1.0.0 through 1.9.2, which can be...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.11.0: Never allow an empty password to validate 9682 9683 Prevent redirect to Host 9678 9679 Swagger hide search field 9554 Add "search" to reserved usernames 9063 Switch to fomantic-ui 9374 Only serve attachments when linked to issue/release and if accessible...
Clario: Affiliates - Session Fixation
SEVERITY: Medium LOCATION: ● https://affiliates.kromtech.com ISSUE DESCRIPTION: User can use the same session token after logout. Attacker can repeat request with token that should be marked as invalidated. PROOF OF VULNERABILITY: Request made after Logout with the same cookie value. curl -i -s -...
mod_auth_mellon: open redirect in logout url when using URLs with backslashes
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes, treating them as an absolute URL. Thi...
CVE-2019-13497
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...
Cross site request forgery (csrf)
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...
Exploit for Cross-Site Request Forgery (CSRF) in Oneidentity Cloud_Access_Manager
CVE-2019-13497 Exploit Title: Cross Site Request Forgery CSR...
CVE-2018-14658
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack...
CVE-2019-14826
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...
DEBIAN-CVE-2019-14826
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...
UBUNTU-CVE-2019-14826
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...
CVE-2019-0352
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages such as JSP pages are cached, which allows an attacker to see sensitive information via the cache and to open the dynamic pages even after logout...
CVE-2019-3754
Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, Dell EMC UnityVSA versions prior to 5.0.0.0.5.116 and Dell EMC VNXe3200 versions prior to 3.1.10.9946299 contain a reflected cross-site scripting vulnerability on the cas/logout page. A remote unauthenticated attacker could...
CVE-2019-15820
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmisavesettings authentication...
PT-2019-5369
Name of the Vulnerable Software and Affected Versions FreeIPA versions 4.5.0 and later Description The issue is related to incorrect session expiration. An attacker could exploit this to gain access to a session if they obtain previously valid session cookies. Recommendations For FreeIPA versions...
Cisco Integrated Management Controller Supervisor, Cisco UCS Director and Cisco UCS Director Express for Big Data Privilege Permission and Access Control Issues Vulnerabilities
Cisco Integrated Management Controller (IMC) is a set of software from the American company Cisco for the management of UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. A privileg...