2356 matches found
IBM Security Identity Manager Design Vulnerability
IBM Security Identity Manager (ISIM) is a suite of identity management and governance solutions from IBM in the United States. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password...
CVE-2016-0315
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation...
Moneybird: Logging out any user
Reporter found a minor CSRF vulnerability in the logout functionality. We have taken measurements to prevent this problem in the future...
FantasyTote: Bypass logout
Hi again, you can log out any user by sending him this link: PoC link: https://www.fantasytote.com/logout...
Medical Study Blasts Hospitals' Security Practices
A scathing rebuke of medical professionals’ attitudes toward information security reveals nurses and doctors fumble over protocols, often putting patients at risk. The revealing study, “Workarounds to Computer Access in Healthcare Organizations” (PDF), offers a fascinating look behind the privacy...
JIRA puts a user's XSRF token in various resources.
Steps to Reproduce: Log into JIRA. Log out from JIRA. Expected Results: The URL shown in the address bar does not show the atltoken value. Actual Results: The URL shown in the address bar shows the atltoken value. Impact: After checking with the security teams, this appears to be a low ris...
JIRA puts a user's XSRF token in various resources.
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-61250. Steps to Reproduce: Log into JIRA. Log out from JIRA. Expected Results: The URL shown in the address bar does not show the...
MediaLink MWN-WAPR300N Insecure Session
MediaLink router MWN-WAPR300N - Several Vulnerabilities. The vulnerabilities reported here are for the firmware version currently being shipped by Amazon.com. This is hardware version 2.0, firmware version V5.07.51enMDL01. I have no knowledge of the behavior of previous versions of this router...
Unspecified Vulnerability in Oracle E-Business Suite Application Object Library Component
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle in the United States. Oracle Application Object Library (AOL) is one of its system management components. An unspecified vulnerability exists in t...
CVE-2016-3434
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout...
CVE-2016-3434
CVE-2016-3434 affects Oracle E-Business Suite through the Oracle Application Object Library (AOL) in versions 12.1.3, 12.2.3, 12.2.4, and 12.2.5. The root cause is an unspecified vulnerability in the Logout subcomponent of AOL that could allow a remote attacker to compromise data integrity via th...
PHPmongoDB 1.0.0 - Multiple Vulnerabilities
Exploit Title: PHPmongoDB v1.0.0 - Multiple Vulnerabilities (CSRF | HTML or Iframe Injection | XSS Reflected & Stored). Date: 14.04.2016. Exploit Author: Ozer Goker. Vendor Homepage: http://www.phpmongodb.org. Software Link:...
login.plu.cn XSS vulnerability
Vulnerable URL: http://login.plu.cn/user/logout?returnurl=https://www.openbugbounty.org/ Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; Google Pagerank: 1...
georgieawards.ca XSS vulnerability
Vulnerable URL: http://georgieawards.ca/account/logout?returnUrl=javascript:alert/XSSPOSED/ Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 1905041; Google Pagerank: 3; VIP website...
Uber: Session retention is present which reveals the customer info
Issue: Session retention is present at partner.uber.com which reveals all sensitive data. Steps to reproduce: 1. Log in to partner.uber.com under any driver profile. 2. Navigate to the summary page or any page, e.g. the payment page. 3. Log out of the application. 4. Press the back button of the application. Application reveal...
pasion.com XSS vulnerability
Vulnerable URL: http://www.pasion.com/mis-anuncios/?logout//--alert/XSSPOSED/...