Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...
CVE-2015-0218
Moodle CSRF vulnerability CVE-2015-0218 affects the logout path in auth/shibboleth/logout.php. The issue allows remote attackers to hijack the authentication of arbitrary users via logout-triggering requests in Moodle versions 2.5.9 and earlier, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x b...
Legal Robot: CSRF
A security researcher identified a logout CSRF attack, which was later patched...
Microsoft Windows ADFS Information Disclosure Vulnerability
Active Directory is a directory service for Windows Standard Server, Windows Enterprise Server, and Windows Datacenter Server. An information disclosure vulnerability exists when Active Directory Federation Services (ADFS) fails to properly log out a user. An attacker can exploit the vulnerability ...
CVE-2015-0993
Inductive Automation Ignition 7.7.2 is affected by CVE-2015-0993, where sessions are not terminated on logout, allowing a remote attacker to bypass access controls via an unattended workstation. Connected sources confirm Ignition is vulnerable in 7.7.x (notably
Slack: Logout any user of same team
It is possible for a user to log out another member of the same team even if they had selected the Keep me signed in option. Steps to Verify: 1. Log in to your team, i.e. https://yourteamname.slack.com. 2. On a new tab in the same browser, request a URL which would be like...
Inductive Automation Ignition Invalid Session Expires Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition does not delete the session after the user logs out, which can allow an attacker to reuse the current session...
CVE-2014-8925
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences...
CVE-2014-8925
CVE-2014-8925 is a CSRF vulnerability in IBM Rational ClearQuest Web. It affects IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7. The issue is caused by improper validation in the DoLogout action, allowing an authenticated user to be logged out v...
Moodle Shibboleth Validation Plugin Force Quit Vulnerability
Moodle is an open source web-based teaching and learning application. A security vulnerability in Moodle multimedia allows attackers to force a user to log out via the Shibboleth authentication plugin...
CVE-2014-6102
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other...
ovirt-engine-webadmin: does not invalidate all sessions upon logout
It was found that oVirt did not correctly terminate sessions when a user logged out from the web interface. Upon logout, only the engine session was invalidated but the restapi session persisted. An attacker able to obtain the session data, and able to log in with their own credentials, could...
IBM WebSphere Service Registry and Repository Expected Access Restriction Bypass Vulnerability
The IBM WebSphere Service Registry and Repository (WSRR) is a master metadata repository for endpoint descriptions of service interactions from IBM in the U.S. It provides functionality for storing, accessing, and managing information about services, and is a key component of SOA implementations. A...
DFLabs PTK Cross-Site Request Forgery Vulnerability
DFLabs PTK is a powerful collection of digital investigative and forensic tools. A cross-site request forgery vulnerability exists in versions of DFLabs PTK prior to 1.0.5, which allows remote attackers to hijack an administrator's or researcher's authentication to trigger a logout request...
CVE-2012-1415
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in lib/logout.php in DFLabs PTK 1.0.5 and earlier allows remote attackers to hijack the authentication of administrators or investigators for requests that trigger a logout...
CVE-2014-6110
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation...