Lucene search
K

2382 matches found

Cvelist
Cvelist
added 2020/01/05 10:5 p.m.17 views

CVE-2019-20077

The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability...

4.7AI score0.00409EPSS
Exploits0References1
CVE
CVE
added 2020/01/05 10:5 p.m.81 views

CVE-2019-20077

The vulnerability (CVE-2019-20077) affects Typesetter CMS 5.1 logout functionality where the admin panel logout is not protected by CSRF tokens. This CSRF weakness allows an attacker to trigger a logout of the authenticated user. The Red Hat and NVD entries corroborate this description across mul...

4.3CVSS4.7AI score0.00409EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/01/02 8:15 p.m.25 views

CVE-2014-3590

Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...

6.5CVSS6.5AI score0.00522EPSS
Exploits0References3
Prion
Prion
added 2020/01/02 8:15 p.m.29 views

Cross site request forgery (csrf)

Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...

4.3CVSS7AI score0.00522EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2019/12/10 12:0 a.m.4 views

TeamViewer Information Disclosure Vulnerability

TeamViewer is a suite of software for remote control, desktop sharing and file transfer from the German company TeamViewer. A security vulnerability exists in the Chat feature in TeamViewer version 14.3.4730 Windows, which originates from the fact that after logging in, the program stores the...

6.5CVSS6.5AI score0.02079EPSS
Exploits1References1
OSV
OSV
added 2019/12/02 6:19 p.m.29 views

GHSA-FMQW-VQH5-CWQ9 Apache NiFi user log out issue

When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...

8.8CVSS8.7AI score0.01846EPSS
Exploits0References5
OSV
OSV
added 2019/12/02 3:15 a.m.4 views

CVE-2019-19362

An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. The vendor states that it was later fixed. Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history but does not exit the...

6.5CVSS6AI score0.02079EPSS
Exploits1References1
CNVD
CNVD
added 2019/11/21 12:0 a.m.2 views

Apache NiFi Code Issue Vulnerability

Apache NiFi is a data processing and distribution system of the American Apache Apache Software Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A code issue vulnerability exists in Apache NiFi versions 1.0.0 through 1.9.2, which can be...

8.8CVSS7.2AI score0.01846EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2019/11/18 12:0 a.m.10 views

gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.11.0: Never allow an empty password to validate 9682 9683 Prevent redirect to Host 9678 9679 Swagger hide search field 9554 Add "search" to reserved usernames 9063 Switch to fomantic-ui 9374 Only serve attachments when linked to issue/release and if accessible...

0.1AI score
Exploits0References2
Hacker One
Hacker One
added 2019/11/13 7:48 p.m.15 views

Clario: Affiliates - Session Fixation

SEVERITY: Medium LOCATION: ● https://affiliates.kromtech.com ISSUE DESCRIPTION: User can use the same session token after logout. Attacker can repeat request with token that should be marked as invalidated. PROOF OF VULNERABILITY: Request made after Logout with the same cookie value. curl -i -s -...

1.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/11/05 9:20 p.m.4 views

mod_auth_mellon: open redirect in logout url when using URLs with backslashes

A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...

6.1CVSS5.8AI score0.02131EPSS
Exploits0References4
OSV
OSV
added 2019/11/04 6:15 p.m.4 views

CVE-2019-13497

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...

6.5CVSS6.6AI score0.00732EPSS
Exploits2References2
NVD
NVD
added 2019/11/04 6:15 p.m.19 views

CVE-2019-13497

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...

6.5CVSS6.6AI score0.00732EPSS
Exploits2References2
Prion
Prion
added 2019/11/04 6:15 p.m.18 views

Cross site request forgery (csrf)

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...

4.3CVSS6.6AI score0.00732EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/11/04 5:8 p.m.24 views

CVE-2019-13497

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...

6.6AI score0.00732EPSS
Exploits2References2
GithubExploit
GithubExploit
added 2019/11/02 12:29 p.m.58 views

Exploit for Cross-Site Request Forgery (CSRF) in Oneidentity Cloud_Access_Manager

CVE-2019-13497 Exploit Title: Cross Site Request Forgery CSR...

6.5CVSS6.6AI score0.00732EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2019/10/08 4:15 p.m.30 views

CVE-2018-14658

A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack...

6.1CVSS1.8AI score0.01097EPSS
Exploits0References2
NVD
NVD
added 2019/09/17 4:15 p.m.30 views

CVE-2019-14826

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...

5.6CVSS4.9AI score0.00336EPSS
Exploits0References1
OSV
OSV
added 2019/09/17 4:15 p.m.3 views

DEBIAN-CVE-2019-14826

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...

4.4CVSS5.2AI score0.00336EPSS
Exploits0References1
OSV
OSV
added 2019/09/17 4:15 p.m.25 views

CVE-2019-14826

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...

4.4CVSS6.8AI score0.00336EPSS
Exploits0References1
Rows per page
Query Builder