2356 matches found

OSV
added 2017/11/03 6:29 p.m. · 13 views

CVE-2017-1000131

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle when using MNet as Mahara did not properly implement one of the MNet SSO API functions...

CVSS 6.5 · AI score 6.9
Exploits: 0 · References: 1

Drupal
added 2017/11/01 12:0 a.m. · 12 views

Automated Logout - Moderately critical - Cross Site Scripting - SA-CONTRIB-2017-081

This module provides a site administrator the ability to log users out after a specified time of inactivity. It is highly customizable and includes "site policies" by role to enforce log out. The module does not sufficiently filter user-supplied text that is stored in the configuration, resulting...

AI score 6
Exploits: 0 · References: 5

CNVD
added 2017/10/20 12:0 a.m. · 1 view

Red Hat oVirt Privilege Acquisition Vulnerability

Red Hat oVirt is an open source virtualization management platform from the US company Red Hat. It is the open source version of the RHEV enterprise virtualization platform and consists of the ovirt-node client and the ovirt-engine management side. A security vulnerability exists in Red Hat oVirt...

CVSS 7.5 · AI score 7.1 · EPSS 0.00388
Exploits: 0 · References: 1

OSV
added 2017/10/18 8:29 p.m. · 0 views

UBUNTU-CVE-2015-6961

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...

CVSS 6.1 · AI score 6.5 · EPSS 0.0023
Exploits: 0 · References: 4

CVE
added 2017/10/18 8:0 p.m. · 48 views

CVE-2015-6961

CVE-2015-6961 is an open redirect vulnerability affecting Web2py 2.9.11 in the gluon/tools.py file. The issue allows a remote attacker to craft a URL with the _next parameter (to user/logout) that redirects victims to an arbitrary site, enabling phishing-style redirects. Public references confirm...

CVSS 6.1 · AI score 6.2 · EPSS 0.0023
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2017/10/18 8:0 p.m. · 13 views

CVE-2015-6961

Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to user/logout...

AI score 6.2 · EPSS 0.0023
Exploits: 0 · References: 2

Positive Technologies
added 2017/10/16 12:0 a.m. · 2 views

PT-2017-6113 · Red Hat · Ovirt

Name of the Vulnerable Software and Affected Versions: oVirt versions 3.2.2 through 3.5.0 Description: The issue allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user, due to the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00388
Exploits: 0 · References: 3

CNVD
added 2017/10/13 12:0 a.m. · 1 view

ProMinent MultiFLEX M10a Controller Authentication Bypass Vulnerability

The MultiFLEX M10a Controller is a water treatment controller. An authentication bypass vulnerability exists in ProMinent MultiFLEX M10a Controller, where the logout feature in the application deletes a user's session on the client side only. An attacker can exploit the vulnerability to bypass...

CVSS 6.8 · AI score 6.2 · EPSS 0.00286
Exploits: 0 · References: 1

CNVD
added 2017/10/09 12:0 a.m. · 1 view

Rapid7 Cross-Site Request Forgery Vulnerability

Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site request forgery vulnerability exists in the Web UI in versions prior to Rapid7 Metasploit 4.14.1-20170828. A remote attacker could exploit this vulnerability to cause a denial of service forc...

CVSS 6.5 · AI score 6.3 · EPSS 0.00126
Exploits: 4 · References: 1

OSV
added 2017/10/06 9:29 p.m. · 2 views

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1

Prion
added 2017/10/06 9:29 p.m. · 14 views

Cross site request forgery (csrf)

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

CVSS 4.3 · AI score 6.4 · EPSS 0.00126
Exploits: 4 · References: 1 · Affected Software: 1

NVD
added 2017/10/06 9:29 p.m. · 26 views

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

CVSS 6.5 · AI score 6.5 · EPSS 0.00126
Exploits: 4 · References: 1

Cvelist
added 2017/10/06 9:0 p.m. · 25 views

CVE-2017-15084

The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...

AI score 6.4 · EPSS 0.00126
Exploits: 4 · References: 1

BDU FSTEC
added 2017/09/22 12:0 a.m. · 3 views

A vulnerability in the eonweb (logout.php) component of EyesOfNetwork, a support service program designed for implementing ITIL library processes, allows an attacker to circumvent access control rules.

The vulnerability in the eonweb logout.php component of the support service program, designed for implementing ITIL library processes, stems from a lack of protection for SQL query structures. Exploiting this vulnerability allows a malicious actor to bypass access restrictions and gain remote...

CVSS 10 · AI score 8 · EPSS 0.0657
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2017/09/17 10:0 p.m. · 13 views

CVE-2017-14515

Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors...

AI score 7.5 · EPSS 0.00653
Exploits: 0 · References: 1

Hacker One
added 2017/09/13 12:34 a.m. · 33 views

delight.im: Logout CSRF

Hello, I found Cross-Site Request Forgery (CSRF) on logout. POC: "https://www.moviecontentfilter.com/logout" Reproduction: 1- Login to your account 2- Open the link "https://www.moviecontentfilter.com/logout"...

AI score 0.2
Exploits: 0

OSV
added 2017/08/29 6:29 p.m. · 1 view

CVE-2016-2965

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846...

CVSS 6.5 · AI score 5.7
Exploits: 0 · References: 4

ATTACKERKB
added 2017/08/29 6:29 p.m. · 2 views

CVE-2016-2965

IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846...

CVSS 6.5 · AI score 5.4 · EPSS 0.00152
Exploits: 0 · References: 5 · Affected Software: 1

CNVD
added 2017/08/28 12:0 a.m. · 1 view

IBM Sametime Meetings Server Denial of Service Vulnerability (CNVD-2017-26408)

IBM Sametime is a set of next-generation social communication tools from IBM in the United States. The tool helps users achieve real-time business collaboration by integrating audio, voice, data, and video. Sametime Meeting Server is one of the Web conferencing components used in the Sametime chat...

CVSS 6.5 · AI score 6.5 · EPSS 0.00152
Exploits: 0 · References: 1

NVD
added 2017/08/01 2:29 p.m. · 16 views

CVE-2017-11135

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This causes a denial of service. This might be...

CVSS 7.5 · AI score 7.4 · EPSS 0.00296
Exploits: 0 · References: 1