2382 matches found
rhn_satellite_6: cross-site request forgery (CSRF) can force logout
Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...
The vulnerability of the Moodle learning management system allows a perpetrator to bypass the authentication process for arbitrary users.
The vulnerability of the auth/shibboleth/logout.php component of the Moodle learning management system is related to the. Exploiting this vulnerability could allow a malicious actor, operating remotely, to bypass authentication procedures for arbitrary users using specially crafted requests...
Zendesk: Security Misconfiguration in Autologin
Here I am addressing a critical misconfiguration in the autologin feature. 1. Open the link https://dashboard.zopim.com/home in the browser, enter your username and password, don't select the option "Always sign in automatically", and log in. 2. Now log out from your account. 3. Now you logged out...
CVE-2015-0218
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...
UBUNTU-CVE-2015-0218
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...
CVE-2015-0218
Moodle CSRF vulnerability CVE-2015-0218 affects the logout path in auth/shibboleth/logout.php. The issue allows remote attackers to hijack the authentication of arbitrary users via logout-triggering requests in Moodle versions 2.5.9 and earlier, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x b...
Legal Robot: CSRF
A security researcher identified a logout CSRF attack, which was later patched...
Microsoft Windows ADFS Information Disclosure Vulnerability
Active Directory is a directory service for Windows Standard Server, Windows Enterprise Server, and Windows Datacenter Server. An information disclosure vulnerability exists when Active Directory Federation Services (ADFS) fails to properly log out a user. An attacker can exploit the vulnerability ...
CVE-2015-0993
Inductive Automation Ignition 7.7.2 is affected by CVE-2015-0993, where sessions are not terminated on logout, allowing a remote attacker to bypass access controls via an unattended workstation. Connected sources confirm Ignition is vulnerable in 7.7.x (notably
Slack: Logout any user of same team
It is possible for a user to log out another member of the same team even if they had selected the "Keep me signed in" option. Steps to Verify: 1. Log in to your team, i.e. https://yourteamname.slack.com. 2. In a new tab in the same browser, request a URL which would be like...
Inductive Automation Ignition Invalid Session Expires Vulnerability
Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition does not delete the session after the user logs out, which can allow an attacker to reuse the current session...
CVE-2014-8925
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences...
CVE-2014-8925
CVE-2014-8925 is a CSRF vulnerability in IBM Rational ClearQuest Web. It affects IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7. The issue is caused by improper validation in the DoLogout action, allowing an authenticated user to be logged out v...
Moodle Shibboleth Validation Plugin Force Quit Vulnerability
Moodle is an open source web-based teaching and learning application. A security vulnerability exists in Moodle multimedia that allows attackers to force a user to log out via the Shibboleth authentication plugin...
CVE-2014-6102
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other...