CVE-2015-3190
The CVE-2015-3190 issue affects Cloud Foundry components where the UAA logout link can be used as an open redirect. Affected versions include cf-release v209 or earlier, UAA standalone v2.2.6 or earlier, and Cloud Foundry Runtime v1.4.5 or earlier. The underlying vulnerability allows an attacker ...
Uber: Session not expired When logout [partners.uber.com]
Hi,

Summary
=========
The partners.uber.com website is not expiring the user's session immediately after logout. When the user logs out, the session is not expired; requests can still be sent and the server responds with OK.

Steps to Reproduce:
- Log into the website - partners.uber.com
- Capture any...
Design/Logic Flaw
After logging into the portal, the logout JSP page redirects the browser back to the login page after logout. A malicious user can abuse this to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when using the portlets-based user interface, also known as...
CVE-2015-5241
Apache jUDDI versions 3.1.2–3.1.5 are affected by an open redirect vulnerability in the logout JSP page, allowing an attacker to redirect users to an arbitrary page after login/logout. The issue stems from the logout flow in the portlets-based UI (Pluto, jUDDI Portal, UDDI Portal, uddi-console). ...
Open Redirect
Apache jUDDI is vulnerable to open redirect attacks. The logout JSP page redirects to the login page after logging out of the portal, and a flaw in that redirect lets a malicious user send the browser to an unintended web page instead. This would be done after the clearing of user...
Mail.ru: XSS on https://e.mail.ru/
Greetings, I found an XSS on https://e.mail.ru/ ; it looks like a self-XSS, but perhaps in the future you will plan to make this functionality shareable and then it will no longer be a self-XSS; also, a combination of CSRF logout / CSRF login could extend its reach. Also, this self-XSS bypasses the current rules...
CVE-2017-8875
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...
Cross site request forgery (csrf)
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...
shib_auth Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-043
This module enables you to log in via Shibboleth. The module doesn't sufficiently log out the user when the Shibboleth session expires, which, depending on the caching mechanism, can make private data public. This vulnerability is mitigated by the fact that shib_auth would have to be used in combination with a...
cmdbet.com XSS vulnerability
Vulnerable URL: http://www.cmdbet.com/Main/logout.aspx?code='-confirmOPENBUGBOUNTY-'
Details:

| Description | Value |
|---|---|
| Patched | No |
| Latest check for patch | 31.07.2017 |
| Vulnerability type | XSS |
| Vulnerability status | Publicly disclosed |
| Alexa Rank | 446225 |
| VIP website status | No |
| Coordinated... | |
Weblate: Invalidate session after password reset - hosted website
Hey team, the Hosted Website doesn't invalidate the session after the password is reset. It's one of the OWASP recommendations to terminate the session when a password is changed and force the user to re-login. Quote from OWASP: Renew the Session ID After Any Privilege Level Change. The session ID mus...
Weblate: Logout CSRF
Hi Team, this is low risk, but I want you to know that the logout on the domain demo.weblate.org does not protect the logout form with a CSRF token; therefore I can log out any user by sending this URL https://demo.webplate.org/accounts/logout/. Logout should use the POST method with a valid CSRF token. Let ...
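The Uber report (session still valid after logout), the Weblate password-reset report (session survives a password change) and the Weblate logout-CSRF report (GET logout with no token) are three lifecycle rules of one logout endpoint. The Python below is an added example, not code from any of those sites or from the Weblate project; the in-memory store, the user name and the passwords are constructed for illustration. It shows a logout that is rejected on GET and on a POST without the per-session CSRF token, a session record that is really destroyed so a replayed cookie is dead, and a password change that rotates the caller's session and kills the user's other sessions.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """In-memory server-side session store written for this example.

    Rules it enforces: logout needs POST plus the session's CSRF token, logout
    deletes the server-side record (a replayed cookie is then dead), and a
    password change rotates the caller's session and kills the user's others.
    """

    def __init__(self):
        self._sessions = {}   # sid -> {"user": str, "csrf": str}
        self._passwords = {}  # user -> (salt, pbkdf2 digest)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._passwords[user] = (salt, self._hash(password, salt))

    def _check_password(self, user, password):
        rec = self._passwords.get(user)
        return rec is not None and hmac.compare_digest(rec[1], self._hash(password, rec[0]))

    def _new_session(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def login(self, user, password):
        """Return a fresh session id, or None for bad credentials."""
        return self._new_session(user) if self._check_password(user, password) else None

    def user_for(self, sid):
        """Owner of a session id, or None once it has been invalidated."""
        rec = self._sessions.get(sid)
        return rec["user"] if rec else None

    def csrf_token(self, sid):
        return self._sessions[sid]["csrf"]

    def logout(self, sid, method, csrf_token):
        """Logout endpoint; returns an HTTP status code."""
        if method != "POST":
            return 405  # a GET logout fires from any <img src=...> on another site
        rec = self._sessions.get(sid)
        if rec is None:
            return 401
        if not hmac.compare_digest(rec["csrf"], csrf_token or ""):
            return 403  # cross-site form post: the attacker cannot read the token
        del self._sessions[sid]  # invalidate server-side; clearing the cookie is not enough
        return 200

    def change_password(self, sid, old_password, new_password):
        """Return a new session id for the caller; the user's other sessions die."""
        rec = self._sessions.get(sid)
        if rec is None or not self._check_password(rec["user"], old_password):
            return None
        user = rec["user"]
        self.register(user, new_password)
        for other, data in list(self._sessions.items()):
            if data["user"] == user:
                del self._sessions[other]
        return self._new_session(user)


def demo():
    """Exercise the cases from the reports above; returns what each request observed."""
    store = SessionStore()
    store.register("alice", "correct horse")  # constructed test account
    sid = store.login("alice", "correct horse")
    out = {}
    out["get_logout"] = store.logout(sid, "GET", None)           # 405
    out["post_without_token"] = store.logout(sid, "POST", "")    # 403
    out["still_logged_in"] = store.user_for(sid)                 # "alice"
    out["post_with_token"] = store.logout(sid, "POST", store.csrf_token(sid))  # 200
    out["replay_after_logout"] = store.user_for(sid)             # None
    phone = store.login("alice", "correct horse")
    laptop = store.login("alice", "correct horse")
    new_laptop = store.change_password(laptop, "correct horse", "battery staple")
    out["phone_after_change"] = store.user_for(phone)            # None
    out["old_laptop_after_change"] = store.user_for(laptop)      # None
    out["new_laptop_after_change"] = store.user_for(new_laptop)  # "alice"
    out["old_password_login"] = store.login("alice", "correct horse")  # None
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result!r}")
```

The check that matters for the Uber-style finding is `replay_after_logout`: a framework that only expires the cookie client-side leaves the server-side record alive, so the captured request keeps working. The `change_password` path is the OWASP rule quoted in the Weblate report, applied to every session of the user rather than only the caller's.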
Fedora 24 : php-pear-CAS (2017-d9d620366e)
Changes in version 1.3.5
- Security Fixes:
  - Fix possible authentication bypass in validateCAS20 (228, Gregory Boddin)
- Bug Fixes:
  - Fix file permissions non-executable (177, Remi Collet)
  - Fixed translations Greek and Japanese (192, ikari7789)
  - Fix errors under phpdbg (204, MasonM)
  - Fix logout...
bit.do XSS vulnerability
Open Bug Bounty ID: OBB-225943

| Description | Value |
|---|---|
| Affected Website | bit.do |
| Open Bug Bounty Program | Create your bounty program now. It's open and free. |
| Vulnerable Application | Custom Code |
| Vulnerability Type | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score | 6.1... |
accounts.cancer.org XSS vulnerability
Vulnerable URL: https://accounts.cancer.org/logout?redirectURL=https://www.xssposed.org/...
Multiple Jensen of Scandinavia Air:Link 'return-url' parameter open redirect vulnerability
Air:Link 3G, Air:Link 5000AC, Air:Link 59300 are routers from Jensen of Scandinavia, Norway. An open redirect vulnerability exists in the handling of the 'return-url' parameter on the /goform/formLogout page of multiple Jensen of Scandinavia Air:Link products. An attacker can construct a maliciou...
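The UAA logout link, the jUDDI logout JSP, the Clean Login redirect URLs, the accounts.cancer.org `redirectURL` parameter and the Air:Link `return-url` parameter above are all the same bug: a logout handler that sends the browser wherever a request parameter says. The validator below is an added example, not code from any of those projects; the allow-listed hosts and the default post-logout target are assumptions for illustration. It goes beyond a plain host comparison and covers the encodings browsers accept that a naive check does not (protocol-relative `//host`, backslashes, tab and newline padding, `user@host` confusion, and non-http schemes):

```python
from urllib.parse import urlsplit

# Hosts this application is willing to send a browser to after logout.
# Constructed for this example; a real deployment would load it from config.
ALLOWED_HOSTS = {"accounts.example.org", "www.example.org"}
DEFAULT_AFTER_LOGOUT = "/login"


def safe_logout_redirect(target, allowed_hosts=ALLOWED_HOSTS,
                         default=DEFAULT_AFTER_LOGOUT):
    """Return `target` if it stays on an allow-listed host, else `default`.

    Handles the usual ways a redirect parameter escapes a naive check:
    absolute URLs to other hosts, protocol-relative "//host", backslashes
    (browsers treat "/\\evil" as "//evil"), tab/newline padding, userinfo
    tricks ("https://good@evil"), and non-http schemes ("javascript:").
    """
    if not target:
        return default
    # Browsers drop tabs and newlines inside URLs and treat backslashes as
    # forward slashes; normalise the same way before parsing.
    cleaned = "".join(ch for ch in target if ch not in "\t\r\n").replace("\\", "/")
    parts = urlsplit(cleaned)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return default
    if parts.netloc:
        # hostname strips userinfo and port and is lower-cased by urlsplit, so
        # "https://accounts.example.org@evil.example/" compares as evil.example.
        if (parts.hostname or "") not in allowed_hosts:
            return default
        return cleaned
    # No authority component: accept only a site-relative path. "//x" never
    # reaches here (urlsplit gives it a netloc), and "http:evil.example" has
    # a scheme but no netloc, so requiring a leading "/" rejects it too.
    if not cleaned.startswith("/"):
        return default
    return cleaned


if __name__ == "__main__":
    # Constructed inputs in the shape of the parameters in the entries above.
    for candidate in ["/dashboard", "https://www.xssposed.org/", "//evil.example/",
                      "/\\evil.example/", "https://accounts.example.org@evil.example/",
                      "javascript:alert(1)", "/\t/evil.example"]:
        print(f"{candidate!r:50} -> {safe_logout_redirect(candidate)!r}")
```

The logout handler then emits `Location: safe_logout_redirect(request_param)` instead of the raw parameter. The alternative that avoids parsing altogether is to accept only a short key (`after=dashboard`) that maps to a fixed URL table; the parser above is for the case where the page genuinely needs to carry a full URL, as the UAA and cancer.org links do.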
UBUNTU-CVE-2017-7358
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out...
Reflected Cross-Site Scripting Vulnerability in YXcmsApp V1.4.3 'logout' Function
Yxcms is an enterprise website building system based on PHP and MySQL. A reflected cross-site scripting vulnerability exists in the YXcmsApp V1.4.3 'logout' function. It allows an attacker to craft an XSS payload that triggers a pop-up box and obtains information such as user...
Insecure Logout
WildFly Elytron Web is vulnerable to insecure logout. The vulnerability exists because HttpServletRequest.logout() does not actually log the user out when Elytron security is used...
Denial Of Service (DoS)
keycloak-saml-core is vulnerable to denial of service (DoS). The vulnerability exists due to the mishandling of a SAML logout request that carries an Extensions element in the middle of the request...