2356 matches found
CVE-2017-11135
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This causes a denial of service. This might be...
Fedora 26 : php-pear-CAS (2017-2f3096ba16)
Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...
Legal Robot: Intercom chat session information persists after logout
Hi team, while testing I looked for session-related issues, but it seems that the site is well protected against such problems. But a little issue related to that I wanted to mention here... When a user signs in to his account he can see a little chat button in the bottom right corner of the page. After...
IBM Emptoris Strategic Supply Management Platform Denial of Service Vulnerability
IBM Emptoris Strategic Supply Management is a Web-based portal from IBM that provides common access to the Emptoris suite of products. A security vulnerability exists in the authentication feature in IBM Emptoris Strategic Supply Management versions 10.0.0.x through 10.1.1.x. The...
Pulse Connect Secure 'logout.cgi' Cross-Site Request Forgery Vulnerability
Pulse Connect Secure (PCS), formerly known as Juniper Junos Pulse, is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A cross-site request forgery vulnerability in the logout.cgi file in PCS version 8.3R1 exists because the program fails to protect the administrator panel wit...
CVE-2017-11196
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to log out a user by making them visit a malicious web page...
Cross site request forgery (csrf)
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to log out a user by making them visit a malicious web page...
Mail.ru: The auth token does not expire on logging out and even after logging out all sessions
API token for web.icq.com was not expired after user logout...
How to Load Balance XenMobile Server Admin Portal
This article will guide you to load balance the XenMobile admin portal running on port 4443. Load balancing the admin portal will ease your XenMobile administration when you have a cluster of XenMobile servers with which you can access the admin portal using one single load balancing IP instead of...
WakaTime: Session Not Expired On Logout
Hi WakaTime Security Team, there is a session management vulnerability in your website, i.e. the user's session is not expiring immediately after the logout. You can get more information on the vulnerability here -...
WakaTime: Logout CSRF
Cross-Site Request Forgery (CSRF) logout application. Because of that gap, he updates a man's attack in the middle and is exposed to the agent and all his personal data at risk. This may cause the web to be compromised. I will send a test script and a video explaining everything about the problem...
Weblate: Full Name Overwrite on Third party login
Description: After one might have logged in on a browser using the third-party login (Google) and have made changes to the account, like the Full name, making a third-party login on another browser using the same email overwrites the Full name to the name on the email. One would know he is logged in...
CVE-2016-4909
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors...
Open Redirect Vulnerability in Multiple Pivotal Products at Login
Pivotal Cloud Foundry (PCF) Runtime, cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release version of PC...
CVE-2015-3190
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, the UAA logout link is susceptible to an open redirect which allows an attacker to insert a malicious web page as a redirect parameter...