2356 matches found
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Cross site request forgery (csrf)
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Security advisory, LedgerSMB 1.3.0-1.3.36
Security Advisory: LedgerSMB 1.3.36, Improper Logout on Some Browsers Severity: Low cvssv2 base score: 3.6, total 0.5 Remotely Exploitable: No Complexity of Attack: High Impact: Relatively low. Prerequisite for Attack: Physical Access to Previously Logged In Browser, so high complexity in most...
VMware vCloud Director 5.1.x < 5.1.3 Logout XSRF (VMSA-2014-0001)
The version of VMware vCloud Director installed on the remote host is 5.1.x prior to 5.1.3. It is, therefore, affected by a cross-site request forgery XSRF vulnerability due to an error in HTTP session management. A remote attacker can exploit this, by convincing a user to follow specially crafte...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...
CVE-2014-1211
Cross-site request forgery CSRF vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout...
Cisco Adaptive Security Appliance Identity Firewall NetBIOS Logout Probe Auth State Change Vulnerability
A vulnerability in the NetBIOS logout probe feature of the Identity Firewall IDFW feature of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to impact the authorization status of users authorized via this feature. The vulnerability is due to insufficient...
CVE-2014-0653
The Identity Firewall IDFW functionality in Cisco Adaptive Security Appliance ASA Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340...
Authentication flaw
The Identity Firewall IDFW functionality in Cisco Adaptive Security Appliance ASA Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340...
CVE-2014-0653
The Cisco ASA Identity Firewall (IDFW) NetBIOS logout probe vulnerability (CVE-2014-0653) stems from insufficient validation of NetBIOS probe responses, allowing an unauthenticated remote attacker to modify a user’s authentication state. Cisco notes the issue in Cisco-SA-20140108-CVE-2014-0653 an...
Authentication flaw
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended workstation...
DEBIAN-CVE-2013-4555
Cross-site request forgery CSRF vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors...
UBUNTU-CVE-2013-4555
Cross-site request forgery CSRF vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors...
HackerOne: Session not expired on logout
hackerone.com website is not expiring the user's session immediately after logout. Steps to verify: 1. Log into the website - hackerone.com. 2. Capture any request. For ex, profile edit page using burp proxy. 3. Logout from the website. 4. Replay the request captured in step 3 and notice it...
Cross site scripting
Cross-site scripting XSS vulnerability in the access policy logout page logout.inc in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRHSession cookie...
CVE-2013-5976
The CVE-2013-5976 XSS vulnerability affects F5 BIG-IP APM: the access policy logout page (logout.inc) accepts the LastMRH_Session cookie to inject arbitrary script/HTML. Affected versions: BIG-IP APM 10.1.0–10.2.4 and 11.1.0–11.3.0. The security advisory (K14712) notes the vulnerability in the lo...
[WATOBO 0.9.13] THE Web Application Toolbox
WATOBO is intended to enable security professionals to perform highly efficient semi-automated web application security audits. WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite. Additionally, WATOBO supports passive and active checks. Passive checks are more like filter...
Telecom Italia Cookie Handling vulnerability allows hackers to hijack email accounts
A cookie is a piece of data that is issued by a server in an HTTP response and stored for future use by the HTTP client. Quite simply, a cookie is a small text file that is stored by a browser on the user’s machine. Cookies are plain text; they contain no executable code. The client then...
CVE-2013-3268
Novell iManager is affected: versions 2.7 prior to SP6 Patch 1 do not refresh the session token after logout, potentially enabling session-related abuse with remote access. Public references indicate multiple vulnerabilities for iManager