2356 matches found
CVE-2016-0318 (Design/Logic Flaw)
Lifecycle Query Engine LQE in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation...
Bypass logout timeout
PMASA-2016-62. Date: 2016-11-25. Updated: 2016-12-06. Summary: Bypass logout timeout. Description: With a crafted request parameter value it is possible to bypass the logout timeout. Severity: We consider this vulnerability to be of moderate severity. Affected Versions: All...
login.globo.com Open Redirect vulnerability
Vulnerable URL: https://login.globo.com/logout?url=https://www.openbugbounty.org. Patched: No. Latest check for patch: 28.07.2017. Vulnerability type: Open Redirect. Vulnerability status: Publicly disclosed. Alexa Rank: Unknown / Not calculated. VIP website...
ipsilon: DoS via logging out all open SAML2 sessions
A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions...
CVE-2016-8638
A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions...
frenchcafe.co.kr XSS vulnerability
Vulnerable URL: http://www.frenchcafe.co.kr/SSO/LogOut.asp?jsoncallback=prompt/OPENBUGBOUNTY/...
F5 Networks BIG-IP : Configuration utility CSRF vulnerability (SOL21485342)
When an authenticated Configuration utility user visits a specially crafted web page, the user's current session can be logged out and unknowingly logged in to the Configuration utility using a different user account. © Tenable Network Security, Inc. The descriptive text and package checks in thi...
pcs: cookies are not invalidated upon logout
It was found that pcsd did not invalidate cookies on the server side when a user logged out. This could potentially allow an attacker to perform session fixation attacks on pcsd...
login.athabascau.ca XSS vulnerability
Vulnerable URL: https://login.athabascau.ca/cas/logout?redirect=". Patched: No. Latest check for patch: 27.07.2017. Vulnerability type: XSS. Vulnerability status: Publicly disclosed. Alexa Rank: Unknown / Not calculated. VIP website status: No. Check...
HackerOne: (HackerOne SSO-SAML) Login CSRF, Open Redirect, and Self-XSS Possible Exploitation
Summary: Login CSRF, Open Redirect, and Self-XSS Possible Exploitation through HackerOne SSO-SAML. PoC - Go to █████; Use a browser window with clear cookies. Source-code: `setTimeout(function () { document.location.href = "https://hackerone.com/users/saml/signin?email=████&rememberme=true"; }, 5000);` Impact...
Boozt Fashion AB: No csrf protection on logout
It was reported that by visiting the /logout page a user would be logged out...
hawaiian.navtechpbs.com XSS vulnerability
Vulnerable URL: https://hawaiian.navtechpbs.com/cgi-bin-xml/class/logout.cgi?message=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E. Patched: No. Latest check for patch: 27.07.2017. Vulnerability type: XSS. Vulnerability status: Publicly disclosed. Alexa Ran...
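The frenchcafe.co.kr and hawaiian.navtechpbs.com entries above are the same bug in two shapes: a logout endpoint reflects a request parameter (a JSONP callback name, a status message) into the response without restricting or encoding it. The following Python is an added example written for this page, not code from either site; the function names, the callback grammar and the HTML fragment are assumptions, and the test inputs are the payloads quoted in the two entries.

```python
"""Hypothetical handling of two reflected logout parameters (constructed example).

- jsonp_response: only emit a JSONP wrapper for a callback that is a plain
  dotted identifier; anything else (e.g. "prompt/OPENBUGBOUNTY/") gets plain JSON.
- logout_page: reflect a status message into HTML with escaping that is safe
  in both attribute and text context.
"""
import html
import re

# A JSONP callback name: identifier, optionally dotted, ASCII only, bounded length.
# Slashes, parentheses, quotes and angle brackets never match, so the reflected
# value cannot open a new JavaScript statement or break out of the script.
CALLBACK_RE = re.compile(
    r"^[A-Za-z_$][A-Za-z0-9_$]{0,63}(\.[A-Za-z_$][A-Za-z0-9_$]{0,63}){0,3}$",
    re.ASCII,
)


def jsonp_response(callback, payload_json):
    """Return (content_type, body) for a logout status response.

    payload_json is assumed to be an already-serialised JSON document.
    The leading comment "/**/" is the usual guard against Flash/JSONP
    content-sniffing tricks; the callback is used only if it matches CALLBACK_RE.
    """
    if callback is not None and CALLBACK_RE.match(callback):
        return "application/javascript", f"/**/ {callback}({payload_json});"
    # Reject silently: fall back to plain JSON instead of reflecting the value.
    return "application/json", payload_json


def logout_page(message):
    """Return an HTML fragment that shows the logout message.

    html.escape(..., quote=True) encodes < > & " and ', which is enough for both
    the data-msg="..." attribute and the element text here. It is NOT enough for
    a JavaScript or URL context; those need their own encoders.
    """
    safe = html.escape(message or "", quote=True)
    return f'<p class="status" data-msg="{safe}">{safe}</p>'
```

The point of `jsonp_response` is that a JSONP endpoint executes its callback by design, so the only defence is to refuse any name that is not a bare identifier; encoding would break legitimate callers. For the HTML case the fix is output encoding, and the test below feeds it the exact `"><svg/onload=...>` payload from the navtechpbs entry.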
Certly: Business logic Failure - Browser cache management and logout vulnerability in Certly
1. Log in to the account. 2. Browse any tabs or anything in the site. 3. Log out of the account. 4. Click the browser back button and you are able to see all the previous pages. Related Topic: https://hackerone.com/reports/7909...
CVE-2016-4531
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation (CWE-613, insufficient session expiration). Affected product: FactoryTalk EnergyMetrix web application. CVS...
CVE-2016-0339
IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."...
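Most of the logout findings in this list are failures of a single handler: the IBM LQE, pcs, FactoryTalk EnergyMetrix and ISIM entries keep a session usable after logout; the Boozt and F5 entries let a third-party page trigger logout (and, for F5, a swap to another account) because the endpoint accepts an unauthenticated cross-site request; the login.globo.com and login.athabascau.ca entries take the post-logout destination from a request parameter; the Certly entry leaves authenticated pages in the browser cache. The following Python is an added example written for this page, not code from any product listed; the host names, the request dictionary shape and the helper names are assumptions.

```python
"""Hypothetical logout handler (constructed example, not from any listed product).

Properties it enforces, each tied to an entry on the page:
1. logout is a POST bound to the session's CSRF token (Boozt, F5);
2. the server-side session record is destroyed, not just the cookie
   (IBM LQE, pcs, FactoryTalk EnergyMetrix, ISIM);
3. the post-logout redirect is restricted to an allowlisted origin
   (login.globo.com, login.athabascau.ca);
4. the response carries Cache-Control: no-store (Certly).
"""
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed application origin; the only place a post-logout redirect may go.
APP_ORIGIN = "https://app.example.test"
ALLOWED_REDIRECT_HOSTS = {"app.example.test"}
DEFAULT_LANDING = APP_ORIGIN + "/login"


class SessionStore:
    """In-memory server-side session store keyed by an unguessable session ID."""

    def __init__(self):
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        # Removing the record is what makes a captured or cached session ID
        # stop working; clearing the cookie alone leaves the ID valid.
        self._sessions.pop(sid, None)


def safe_redirect(url):
    """Return url if it is a relative path or an https URL on an allowed host."""
    if not url:
        return DEFAULT_LANDING
    parts = urlsplit(url)
    # Relative path: no scheme, no authority, single leading slash.
    # "//evil.test/x" has a netloc and is rejected; backslashes are rejected
    # because browsers may treat "/\evil.test" as "//evil.test".
    if parts.scheme == "" and parts.netloc == "" and url.startswith("/") and "\\" not in url:
        return APP_ORIGIN + url
    # hostname (not netloc) so "https://app.example.test@evil.test/" fails.
    if parts.scheme == "https" and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return url
    return DEFAULT_LANDING


def logout(store, request):
    """request is a dict with 'method', 'cookies', 'form', 'query' (assumed shape).

    Returns a dict with 'status', 'location' and 'headers'.
    """
    sid = request.get("cookies", {}).get("sid")
    session = store.get(sid) if sid else None
    if session is None:
        return {"status": 302, "location": DEFAULT_LANDING, "headers": {}}
    # (1) A GET, or a POST without the session-bound token, is a possible
    #     cross-site request: refuse it and leave the session untouched.
    supplied = request.get("form", {}).get("csrf", "")
    if request.get("method") != "POST" or not hmac.compare_digest(
        supplied.encode(), session["csrf"].encode()
    ):
        return {"status": 403, "location": None, "headers": {}}
    # (2) Destroy the server-side record before touching the cookie.
    store.destroy(sid)
    # (3) + (4): validated redirect target and no-store on the response.
    # no-store must also be sent on every authenticated page for the Certly
    # back-button case; sending it here alone is not sufficient.
    headers = {
        "Set-Cookie": "sid=; Max-Age=0; Path=/; Secure; HttpOnly; SameSite=Lax",
        "Cache-Control": "no-store",
    }
    target = safe_redirect(request.get("query", {}).get("url"))
    return {"status": 302, "location": target, "headers": headers}
```

A quick check that reproduces the page's failure modes against this handler: issue a GET to the logout URL from a "foreign" page and confirm the session survives; log out properly and then replay the old `sid` cookie, which must now be treated as unauthenticated; and pass the globo.com-style `?url=https://www.openbugbounty.org` parameter, which must be replaced by the default landing page.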
Fedora 24 : phpMyAdmin (2016-e3240782ec)
phpMyAdmin 4.6.2 2016-05-25 ============================= - security User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14 - security Self XSS vulnerability, see PMASA-2016-16 - Use https for documentation links - Fix schema export with too many tables - Avoid parsing no...