2382 matches found
CVE-2019-20077
The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability...
CVE-2019-20077
The vulnerability (CVE-2019-20077) affects Typesetter CMS 5.1 logout functionality where the admin panel logout is not protected by CSRF tokens. This CSRF weakness allows an attacker to trigger a logout of the authenticated user. The Red Hat and NVD entries corroborate this description across mul...
CVE-2014-3590
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...
Cross site request forgery (csrf)
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...
TeamViewer Information Disclosure Vulnerability
TeamViewer is a suite of software for remote control, desktop sharing and file transfer from the German company TeamViewer. A security vulnerability exists in the Chat feature in TeamViewer version 14.3.4730 Windows, which originates from the fact that after logging in, the program stores the...
GHSA-FMQW-VQH5-CWQ9 Apache NiFi user log out issue
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out t...
CVE-2019-19362
An issue was discovered in the Chat functionality of the TeamViewer desktop application 14.3.4730 on Windows. The vendor states that it was later fixed. Upon login, every communication is saved within Windows main memory. When a user logs out or deletes conversation history but does not exit the...
Apache NiFi Code Issue Vulnerability
Apache NiFi is a data processing and distribution system of the American Apache Apache Software Foundation. The system is primarily used for data routing, transformation and system intermediary logic. A code issue vulnerability exists in Apache NiFi versions 1.0.0 through 1.9.2, which can be...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.11.0: Never allow an empty password to validate 9682 9683 Prevent redirect to Host 9678 9679 Swagger hide search field 9554 Add "search" to reserved usernames 9063 Switch to fomantic-ui 9374 Only serve attachments when linked to issue/release and if accessible...
Clario: Affiliates - Session Fixation
SEVERITY: Medium LOCATION: ● https://affiliates.kromtech.com ISSUE DESCRIPTION: User can use the same session token after logout. Attacker can repeat request with token that should be marked as invalidated. PROOF OF VULNERABILITY: Request made after Logout with the same cookie value. curl -i -s -...
mod_auth_mellon: open redirect in logout url when using URLs with backslashes
A vulnerability was found in modauthmellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. Thi...
CVE-2019-13497
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...
CVE-2019-13497
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...
Cross site request forgery (csrf)
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...
CVE-2019-13497
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...
Exploit for Cross-Site Request Forgery (CSRF) in Oneidentity Cloud_Access_Manager
CVE-2019-13497 Exploit Title: Cross Site Request Forgery CSR...
CVE-2018-14658
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack...
CVE-2019-14826
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...
DEBIAN-CVE-2019-14826
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...
CVE-2019-14826
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session...