
2356 matches found

Cvelist
added 2013/04/24 10:0 a.m. | 19 views

CVE-2013-3268

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors...

6.6 AI score | 0.00166 EPSS
Exploits 0 | References 4
CERT
added 2013/03/18 12:0 a.m. | 58 views

Verizon Fios Actiontec model MI424WR-GEN3I router vulnerable to cross-site request forgery

Overview: The Verizon FIOS Actiontec router model MI424WR-GEN3I is susceptible to cross-site request forgery attacks (CWE-352). Description: The Verizon FIOS Actiontec router model MI424WR-GEN3I is susceptible to cross-site request forgery attacks (CWE-352). A remote attacker that is able to trick a us...

6.8 CVSS | 6.4 AI score | 0.00938 EPSS
Exploits 7 | References 2
0day.today
added 2013/03/02 12:0 a.m. | 47 views

Question2Answer 1.5.3 CSRF / Brute Force Vulnerability

Exploit for php platform in category web applications. These are Brute Force, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the first part of vulnerabilities in this web application. Affected products:...

7.1 AI score
Exploits 0
0day.today
added 2013/01/06 12:0 a.m. | 95 views

osTicket 1.7 RC2 CSRF / Disclosure / XSS / Redirect Vulnerabilities

osTicket version 1.7 RC2 suffers from cross site request forgery, cross site scripting, path disclosure, and open redirection vulnerabilities...

7 AI score
Exploits 0
Packet Storm
added 2013/01/02 12:0 a.m. | 49 views

osTicket 1.6 ST CSRF / SQL Injection


0.5 AI score
Exploits 0
OSV
added 2012/12/27 11:47 a.m. | 5 views

CVE-2012-5868

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack...

2.6 CVSS | 6.4 AI score | 0.01198 EPSS
Exploits 1 | References 1
OSV
added 2012/12/27 11:47 a.m. | 2 views

DEBIAN-CVE-2012-5868

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack...

2.6 CVSS | 6.8 AI score | 0.01198 EPSS
Exploits 1 | References 1
Prion
added 2012/12/27 11:47 a.m. | 10 views

Design/Logic Flaw

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack...

2.6 CVSS | 7.1 AI score | 0.01198 EPSS
Exploits 1 | References 1 | Affected Software 1
OSV
added 2012/12/27 11:47 a.m. | 2 views

UBUNTU-CVE-2012-5868

WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack...

2.6 CVSS | 5.8 AI score | 0.01198 EPSS
Exploits 1 | References 3
CVE
added 2012/12/27 11:0 a.m. | 54 views

CVE-2012-5868

WordPress 3.4.2 does not invalidate the wordpress_sec session cookie upon an administrator logout, enabling potential discovery of valid session identifiers via brute-force or data replay. The description is consistently reported across multiple sources (CVE-2012-5868 entries in NVD and CVE recor...

2.6 CVSS | 6.6 AI score | 0.01198 EPSS
Exploits 1 | References 1 | Affected Software 1
UbuntuCve
added 2012/11/21 12:55 p.m. | 15 views

CVE-2012-5471

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout...

6.5 CVSS | 5.9 AI score | 0.00498 EPSS
Exploits 0 | References 4
Prion
added 2012/11/21 12:55 p.m. | 9 views

Design/Logic Flaw

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout...

6.5 CVSS | 6.6 AI score | 0.00498 EPSS
Exploits 0 | References 4 | Affected Software 1
Patchstack
added 2012/11/14 12:0 a.m. | 16 views

WordPress <= 3.4.2

The attackers can discover valid session identifiers via a brute-force attack, because this WordPress version does not invalidate a wordpress_sec session cookie upon an administrator's logout action. Solution: The application should keep track of session identifiers where a user has explicitly logg...

2.6 CVSS | 4.7 AI score | 0.01198 EPSS
Exploits 1 | References 1 | Affected Software 1
OSV
added 2012/10/25 5:55 p.m. | 1 views

DEBIAN-CVE-2011-5223

Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

4.3 CVSS | 7 AI score | 0.00453 EPSS
Exploits 0 | References 1
Prion
added 2012/10/25 5:55 p.m. | 16 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

4.3 CVSS | 7.6 AI score | 0.00453 EPSS
Exploits 0 | References 6 | Affected Software 1
NVD
added 2012/10/08 10:47 a.m. | 15 views

CVE-2010-5067

Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...

6.8 CVSS | 6.7 AI score | 0.00225 EPSS
Exploits 1 | References 2
Prion
added 2012/10/08 10:47 a.m. | 16 views

Design/Logic Flaw

Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...

6.8 CVSS | 7.3 AI score | 0.00225 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2012/10/08 10:0 a.m. | 16 views

CVE-2010-5067

Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that depend only on a user's password, which makes it easier for remote attackers to bypass timeout and logout actions, and retain access for a long period of time, by leveraging knowledge of a session cookie...

6.7 AI score | 0.00225 EPSS
Exploits 1 | References 2
seebug.org
added 2012/10/02 12:0 a.m. | 13 views

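PHPWIND 8.7 Mobile Version CSRF

Brief description: A CSRF vulnerability in the mobile version; because the mobile and desktop versions share cookies, it also affects the desktop version. Details: The mobile version's "log out" link is index.php?a=quit. Post content written as: imghttp://xxxxxxx/m/index.php?a=quit/img logs the reader out once the post is viewed. Proof of vulnerability: Logout succeeded in local testing...

7.1 AI score
Exploits 0
NVD
added 2012/10/01 8:55 p.m. | 8 views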

CVE-2012-1897

Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete;...

6.8 CVSS | 7.3 AI score | 0.00288 EPSS
Exploits 1 | References 4