2356 matches found
CVE-2012-1897
Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS 0.75 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via the user id number to admin/user/delete; (2) delete pages via the page id number to admin/page/delete;...
[CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
Product: Confluence Vendor: Atlassian Version: 3.0 / Current Tested Version: 3.4.6 Vendor Notified Date: June 31, 2011 Release Date: September 19, 2012 Risk: Medium Authentication: Depends on configuration. Remote: Yes Description: Multiple Cross-Site Request Forgery CSRF vulnerabilities in...
CVE-2012-4581
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by...
Design/Logic Flaw
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by...
Scientific Linux Security Update : bash on SL5.x i386/x86_64
Bash is the default shell for Scientific Linux. It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary fil...
DEBIAN-CVE-2012-1174
The rmrfchildren function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."...
CVE-2012-1174
The rmrfchildren function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."...
CVE-2012-2281
CVE-2012-2281 affects EMC RSA Access Manager Server 6.x (before 6.1 SP4) and RSA Access Manager Agent. The root cause is improper invalidation/validation of session tokens after a user logs out, which can let an attacker replay a valid session via unspecified vectors. The impact is that remote at...
Fedora 16 : php-pear-CAS-1.3.0-2.fc16 (2012-4119)
Upstream changelog Changes in version 1.3.0 Bug Fixes : - the saml logout url should be parsed urlencoded 24 dlineate - fix a proxy mode bug introduced in a previous commit 16 Adam Franco - Fix includepath order so that the phpCAS path takes precedence 13 Adam Franco - fix invalid characters in t...
UBUNTU-CVE-2007-6752
Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI. NOTE: the vendor disputes the significance of this issue, by considering the "security benefit...
PT-2012-1262 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal versions 7.12 and earlier. Description: A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the "user/logout" URI. The vendor disputes the...
Wolfcms 0.75 - Cross-Site Request Forgery Cross-Site Scripting
Wolfcms 0.75 - Cross-Site Request Forgery Cross-Site Scripting Exploit Title : Wolfcms = 0.75 Multiple Vulnerabilities CSRF - XSS Date : 22-03-2012 Author : Ivano...
Wolfcms 0.75 - Cross-Site Request Forgery / Cross-Site Scripting
Exploit Title : Wolfcms = 0.75 Multiple Vulnerabilities CSRF - XSS Date : 22-03-2012 Author : Ivano Binetti http://www.ivanobinetti.com Software link :...
Wolfcms <= 0.75 CSRF / XSS Vulnerabilities
Exploit for php platform in category web applications. Exploit Title : Wolfcms = 0.75 Multiple Vulnerabilities CSRF - XSS Date : 22-03-2012 Author : Ivano Binetti...
Drupal CMS version 7.12 suffers from multiple cross site request forgery vulnerabilities
No description provided by source. Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date : 02-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link : http://drupal.org/download Vendor site : http://drupal.org Version : 7.12 and lower Tested on : Debian...
DEBIAN-CVE-2012-0908
Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the linkhref parameter...
RSA Key Manager Appliance session termination vulnerability
Session may not be properly terminated after logout...
Facebook track your cookies even after logout !
Facebook track your cookies even after logout ! According to Australian technologist Nik Cubrilovic: 'Logging out of Facebook is not enough.' He added, Even after you are logged out, Facebook is able to track your browser's page every time you visit a website. He wrote in his blog 'With my browse...