2382 matches found

RedHat Linux
added 2015/08/12 5:4 a.m. | 5 views

rhn_satellite_6: cross-site request forgery (CSRF) can force logout

Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...

6.5 CVSS | 5.8 AI score | 0.00522 EPSS
Exploits: 0 | References: 4
BDU FSTEC
added 2015/08/07 12:0 a.m. | 10 views

The vulnerability of the Moodle learning management system allows a perpetrator to bypass the authentication process for arbitrary users.

The vulnerability of the auth/shibboleth/logout.php component of the Moodle learning management system is related to the. Exploiting this vulnerability could allow a malicious actor, operating remotely, to bypass authentication procedures for arbitrary users using specially crafted requests...

6.8 CVSS | 5.6 AI score | 0.01014 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Hacker One
added 2015/07/16 10:42 a.m. | 31 views

Zendesk: Security Missconfiguration in Autologin

Here I am addressing Critical misconfiguration in autologin feature 1. Open the link in the browser https://dashboard.zopim.com/home and enter your username and password and don't tick select the option Always sign in automatically and login 2. now logout from your account 3. now you logged out...

0.5 AI score
Exploits: 0
NVD
added 2015/06/01 7:59 p.m. | 24 views

CVE-2015-0218

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...

6.8 CVSS | 7 AI score | 0.01014 EPSS
Exploits: 0 | References: 3
Prion
added 2015/06/01 7:59 p.m. | 14 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...

6.8 CVSS | 7.6 AI score | 0.01014 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
UbuntuCve
added 2015/06/01 7:59 p.m. | 23 views

CVE-2015-0218

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...

6.8 CVSS | 6 AI score | 0.01014 EPSS
Exploits: 0 | References: 3
OSV
added 2015/06/01 7:59 p.m. | 1 views

UBUNTU-CVE-2015-0218

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...

6.8 CVSS | 5.9 AI score | 0.01014 EPSS
Exploits: 0 | References: 4
CVE
added 2015/06/01 7:0 p.m. | 56 views

CVE-2015-0218

Moodle CSRF vulnerability CVE-2015-0218 affects the logout path in auth/shibboleth/logout.php. The issue allows remote attackers to hijack the authentication of arbitrary users via logout-triggering requests in Moodle versions 2.5.9 and earlier, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x b...

6.8 CVSS | 7.1 AI score | 0.01014 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Hacker One
added 2015/06/01 8:19 a.m. | 19 views

Legal Robot: CSRF

Security researcher identified a logout CSRF attack, which was later patched...

2 AI score
Exploits: 0
CNVD
added 2015/04/16 12:0 a.m. | 4 views

Microsoft Windows ADFS Information Disclosure Vulnerability

Active Directory is a directory service for Windows Standard Server, Windows Enterprise Server, and Windows Datacenter Server. An information disclosure vulnerability exists when Active Directory Federation Services (ADFS) fails to properly log out a user. An attacker can exploit the vulnerability ...

5.8 CVSS | 6.4 AI score | 0.12806 EPSS
Exploits: 0 | References: 1
CVE
added 2015/04/03 10:0 a.m. | 58 views

CVE-2015-0993

Inductive Automation Ignition 7.7.2 is affected by CVE-2015-0993, where sessions are not terminated on logout, allowing a remote attacker to bypass access controls via an unattended workstation. Connected sources confirm Ignition is vulnerable in 7.7.x (notably

6.4 CVSS | 9.1 AI score | 0.02266 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Hacker One
added 2015/04/03 6:32 a.m. | 27 views

Slack: Logout any user of same team

It is possible for a user to logout other member of same team even if they had selected Keep me signed in option. Steps to Verify: 1. Login to your team i.e https://yourteamname.slack.com. 2. On new tab on the same browser request a url which would be like...

7.1 AI score
Exploits: 0
CNVD
added 2015/04/02 12:0 a.m. | 3 views

Inductive Automation Ignition Invalid Session Expires Vulnerability

Ignition is an updated version of FactoryPMI, the HMI/SCADA product offered by Inductive Automation. Ignition does not delete the session after the user logs out, which can allow an attacker to reuse the current session...

6.4 CVSS | 6.9 AI score | 0.02266 EPSS
Exploits: 0 | References: 1
NVD
added 2015/03/25 1:59 a.m. | 21 views

CVE-2014-8925

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences...

6.8 CVSS | 6.5 AI score | 0.00914 EPSS
Exploits: 0 | References: 1
Prion
added 2015/03/25 1:59 a.m. | 17 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences...

6.8 CVSS | 6.8 AI score | 0.00914 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2015/03/25 1:0 a.m. | 26 views

CVE-2014-8925

Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences...

6.5 AI score | 0.00914 EPSS
Exploits: 0 | References: 1
CVE
added 2015/03/25 1:0 a.m. | 54 views

CVE-2014-8925

CVE-2014-8925 is a CSRF vulnerability in IBM Rational ClearQuest Web. It affects IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7. The issue is caused by improper validation in the DoLogout action, allowing an authenticated user to be logged out v...

6.8 CVSS | 6.6 AI score | 0.00914 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2015/02/21 12:0 a.m. | 2 views

Moodle Shibboleth Validation Plugin Force Quit Vulnerability

Moodle is an open source web-based teaching and learning application. A security vulnerability exists in Moodle multimedia that allows attackers to exploit this vulnerability to force a user to log out via the Shibboleth authentication plugin...

6.8 CVSS | 7 AI score | 0.01014 EPSS
Exploits: 0 | References: 1
NVD
added 2015/02/17 1:59 a.m. | 21 views

CVE-2014-6102

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other...

2.1 CVSS | 6.6 AI score | 0.00486 EPSS
Exploits: 0 | References: 2
Cvelist
added 2015/02/17 1:0 a.m. | 27 views

CVE-2014-6102

IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other...

6.6 AI score | 0.00486 EPSS
Exploits: 0 | References: 2