2356 matches found
in.com Open Redirect vulnerability
Vulnerable URL: http://www.in.com/logout.php?r=https://www.xssposed.org/

Details:

Description| Value
---|---
Patched:| Yes, at 23.11.2017
Latest check for patch:| 23.11.2017 20:41 GMT
Vulnerability type:| Open Redirect
Vulnerability status:| Publicly disclosed
Alexa Rank| 2272
Google Pagerank| 5...

wowchina.com Open Redirect vulnerability
Vulnerable URL: http://www.wowchina.com/battlenet/logout?redirecturl=https://www.xssposed.org/

Details:

Description| Value
---|---
Patched:| Yes, at 26.07.2017
Latest check for patch:| 26.07.2017 16:24 GMT
Vulnerability type:| Open Redirect
Vulnerability status:| Publicly disclosed
Alexa Rank|...

login.schibsted.com Open Redirect vulnerability
Vulnerable URL: https://login.schibsted.com/logout?oauthtoken=uri=https://www.xssposed.org/

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| Open Redirect
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 0
VIP website status...

Drupal Login Disable Module Security Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Login Disable is one of the modules that provides login denial functionality. A security vulnerability exists in the Drupal Login Disable module in versions 6.x-1.1 prior to 6.x-1.x and...
CVE-2015-8082
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...
Authentication flaw
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL...
CVE-2015-8082
The CVE-2015-8082 issue affects Drupal’s Login Disable module (versions 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2). The root cause is improper loading of the user_logout function, allowing remote attackers to bypass the module’s logout protection when a contributed authentication module (...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the...
python-django: Denial-of-service possibility in logout() view by filling session store
It was found that certain Django functions would, in certain circumstances, create empty sessions. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions...
CVE-2015-2027
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation...
CVE-2015-2027
IBM WebSphere eXtreme Scale 7.1.0 (before 7.1.0.3) and 7.1.1 (before 7.1.1.1) is affected by a logout handling flaw that permits a local attacker to bypass access controls by leveraging an unattended workstation. The issue stems from improper logout actions within the eXtreme Scale component, ena...
IBM WebSphere eXtreme Scale Certificate Brute Force Breach Vulnerability
IBM WebSphere eXtreme Scale is a distributed caching solution. IBM WebSphere eXtreme Scale failed to properly set up user logout functionality, allowing remote attackers to exploit a vulnerability to brute-force account credentials...
IBM WebSphere eXtreme Scale Security Bypass Vulnerability
IBM WebSphere eXtreme Scale is a distributed caching solution. IBM WebSphere eXtreme Scale failed to properly handle logout operations, allowing an attacker to exploit a vulnerability to bypass security restrictions on other user sessions...
Apple iOS keychain information disclosure vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A vulnerability exists in Apple iOS keychain removal that allows an attacker to exploit a vulnerability to obtain Apple ID verification credentials after logging out of the iTunes Store...
When a 'Hacker News' Reader Tricked Me into visiting this Amazing Site (Don't Click at Work)
My usual bed routine is to check comments under my articles before I go to sleep. I was doing the same last night, but something weird happened to me. Someone posted a mysterious short link without any text below one of my articles on our official 'The Hacker News' Facebook Page, and with the...
Django logout function Denial-of-service
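Security releases issued: 1.8.4, 1.7.10, 1.4.22. CVE: 2015-5963. Fix: Update/1.8.4/1.7.10/1.4.22/Add @login_required. On August 18, the Django project released updates for several versions, fixing a number of security issues, including a DoS vulnerability caused by improper coding; the websites that were tested all had this problem. Detail: The django.contrib.auth.views.logout view is used by developers to implement user logout. Under normal circumstances, the logout view should use the officially provided...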
Vulnerability in the Django web application framework that allows a hacker to trigger a denial-of-service attack
The vulnerability in the contrib.sessions.middleware.SessionMiddleware component of the Django web framework is related to a resource management error. Exploiting this vulnerability allows an attacker to cause service failures by sending a large number of requests to contrib.auth.views.logout,...