2356 matches found
UBUNTU-CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
DEBIAN-CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
CVE-2019-7313
CVE-2019-7313 – Buildbot CRLF Injection: The flaw is in www/resource.py in Buildbot before 1.8.1, allowing CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. Root cause: missing input validation in the redirection code, enabling header manipulation ...
Schneider Electric IIoT Monitor AccountMgmt Logout XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Logout method of the AccountMgmt servlet. Due to the improper...
Fedora 28 : php-symfony (2018-eba0006df2)
Version 2.8.41 2018-05-25 - bug 27359 HttpFoundation Fix perf issue during MimeTypeGuesser initialization nicolas-grekas - security cve-2018-11408 SecurityBundle Fail if security.httputils cannot be configured - security cve-2018-11406 clear CSRF tokens when the user is logged out - security...
CVE-2018-15334
A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow an attacker to force an APM webtop session to log out and require re-authentication...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow an attacker to force an APM webtop session to log out and require re-authentication...
Mail.ru: Open Redirect In passport.maps.me/logout/?next=//fb.com/
Open redirect on passport.maps.me page...
keycloak: Open Redirect in Login and Logout
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack...
Gogs < 0.11.79 Multiple Vulnerabilities
Gogs is prone to multiple vulnerabilities.
GHSA-49H4-G8P5-JGQ6 Moderate severity vulnerability that affects org.apache.juddi:juddi-client
After logging into the portal, the logout JSP page redirects the browser back to the login page. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...
Moderate severity vulnerability that affects org.apache.juddi:juddi-client
After logging into the portal, the logout JSP page redirects the browser back to the login page. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...
CVE-2018-18291
A cross-site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.3806516 devices allows remote attackers to inject arbitrary web script or HTML via AdvancedASUSDDNSContent.asp, AdvancedWSecurityContent.asp, AdvancedWirelessContent.asp, Logout.asp, MainLogin.asp, MobileQISLogin.asp, QISwizard.htm...
Facebook Finds 'No Evidence' Hackers Accessed Connected Third-Party Apps
When Facebook last weekend disclosed a massive data breach—that compromised access tokens for more than 50 million accounts—many feared that the stolen tokens could have been used to access other third-party services, including Instagram and Tinder, through Facebook login. Good news is that...
Security Bulletin: Vulnerabilities in IBM Rational ClearQuest (CVE-2014-8925)
Summary A cross site request forgery vulnerability was discovered and fixed in IBM Rational ClearQuest. An attacker may trigger a premature logout of a user, causing any work in progress to be lost. Vulnerability Details CVEID: CVE-2014-8925 DESCRIPTION: IBM Rational ClearQuest is vulnerable to...
Facebook Security Bug Affects 90M Users
Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers hav...