CVE-2018-11406
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...
Liberapay: Returning back from the browser after logging off will disclose some information
Summary: Hi, I found an issue: after signing out from the account and clicking the back button continuously in the browser, it will disclose sensitive information on all pages that the user opened while he was using his account, like for example the identity page. I believe that this issue...
Drupal Automated Logout Module HTML Injection Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An HTML injection vulnerability exists in Drupal's Automated Logout module that stems from a failure to adequately validate user input. An attacker could exploit this...
Arris Touchstone Telephony Gateway TG1682G Privileged Access Vulnerability
The Arris Touchstone Telephony Gateway TG1682G is an all-in-one modem router from the Arris Group of Companies. A security vulnerability exists in the Arris Touchstone Telephony Gateway TG1682G version 9.1.103J6, which stems from a logout operation that fails to immediately clear all state ...
D-Link DIR-629-B1 'weblogin_log' function buffer overflow vulnerability
The D-Link DIR-629-B1 is a router device from AUO D-Link. A security vulnerability exists in the 'weblogin_log' function in /htdocs/cgibin in the D-Link DIR-629-B1. An attacker can exploit this vulnerability by sending a session.cgi?ACTION=logout request with a long REMOTE_ADDR environment variable...
CVE-2018-10990
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time e.g., "at least for a few minutes"...
Design/Logic Flaw
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time e.g., "at least for a few minutes"...
CVE-2018-10990
The CVE-2018-10990 entry affects Arris Touchstone Telephony Gateway TG1682G (version 9.1.103J6). The vulnerability arises because a logout action does not immediately destroy all state related to the validity of the credential cookie, potentially allowing an attacker to retain access for some min...
Shopify: Session works after logout from Shopify account
@Cryptographer reported if a logout request for a given session was received during the time a product creation request was in progress from the same session, it was possible the logout request could fail. We determined this was the result of a race condition in how we were updating and revoking...
EulerOS 2.0 SP2 : ipsilon (EulerOS-SA-2018-1013)
According to the version of the ipsilon packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what...
Cross site scripting
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request...
CVE-2018-1190
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request...
CVE-2018-1190
CVE-2018-1190 affects Pivotal Cloud Foundry components, causing a cross-site scripting (XSS) vulnerability in the clientId parameter of the UAA OpenID Connect check session iframe used for single logout. Affected versions include cf-release prior to v270, UAA v3.x before v3.20.2, and UAA bosh rel...
TP-Link TL-SG108E Denial of Service Vulnerability
The TP-Link TL-SG108E is a Gigabit Ethernet switch from China P&L TP-LINK. A denial of service vulnerability exists in the Device Logout function in the TP-Link TL-SG108E version 1.0.0 due to weak access control. A remote attacker can exploit the vulnerability to invoke the logout function and...
CVE-2017-17747
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition...
CVE-2017-17747
CVE-2017-17747 affects the TP-Link TL-SG108E, firmware 1.0.0, where the Logout.htm function has weak access control and can be called from any IP address. This allows an attacker to terminate an authenticated session on a target device, potentially triggering a denial-of-service condition and mak...
ovirt-engine: webadmin log out must logout all sessions
It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period...
Catalyst Mahara User Login Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara versions 15.04 prior to 15.04.8, 15.10 prior to 15.10.4, and 16.04 prior to 16.04.2, which stems fr...
Catalyst Mahara Session Fixation Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara version 15.04 prior to 15.04.7 and version 15.10 prior to 15.10.3, which stems from a session ID no...