2356 matches found

securityvulns
added 2011/09/13 12:0 a.m., 113 views

CVE-2011-2732: Spring Security header injection vulnerability

Severity: Important. Versions Affected: 2.0.0 to 2.0.6; 3.0.0 to 3.0.5. Earlier versions may also be affected. Description: Spring Security allows the use of a parameter named "spring-security-redirect" by default to determine the location...

CVSS 4.3, AI score 6.6, EPSS 0.07155
Exploits 1

CentOS
added 2011/09/01 4:10 p.m., 73 views

bash security update

CentOS Errata and Security Advisory CESA-2011:1073 An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common...

CVSS 6.9, AI score 5.8, EPSS 0.00054
Exploits 0, References 7

Tenable Nessus
added 2011/07/22 12:0 a.m., 30 views

RHEL 5 : bash (RHSA-2011:1073)

An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives...

CVSS 6.9, AI score 5.7, EPSS 0.00054
Exploits 0, References 3

RedHat Linux
added 2011/07/21 9:22 a.m., 27 views

Low: Red Hat Security Advisory: bash security, bug fix, and enhancement update

An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives...

CVSS 6.9, AI score 5.8, EPSS 0.00054
Exploits 0, References 13

Exploit DB
added 2011/07/04 12:0 a.m., 26 views

WeBid 1.0.2 - 'converter.php' Remote Code Execution

checkmysql($res, $query, __LINE__, __FILE__); 157. $itemtitle = mysql_result($res, 0, 'title'); Input passed through $_REQUEST['auctionid'] isn't properly sanitised before being used in the SQL query at line 154. - Vulnerable code to SQL injection works with magic_quotes_gpc = off in logout.php: 21. if...

AI score 7.4
Exploits 0

exploitpack
added 2011/07/04 12:0 a.m., 14 views

WeBid 1.0.2 - converter.php Remote Code Execution

checkmysql($res, $query, __LINE__, __FILE__); 157. $itemtitle = mysql_result($res, 0, 'title'); Input passed through $_REQUEST['auctionid'] isn't properly sanitised before being used in the SQL query at line 154. - Vulnerable code to SQL injection works with...

AI score 8.1
Exploits 0

Atlassian
added 2011/06/27 11:56 p.m., 33 views

logout.action is not protected against XSRF - CVE-2012-6342

Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators, for requests that logout the user via a comment...

CVSS 6.8, AI score 6.3, EPSS 0.0018
Exploits 2, Affected Software 1

Atlassian
added 2011/06/27 11:56 p.m., 30 views

logout.action is not protected against XSRF - CVE-2012-6342

Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators, for requests that logout the user via a comment...

CVSS 6.8, AI score 6.3, EPSS 0.0018
Exploits 2

Atlassian
added 2011/06/27 11:56 p.m., 19 views

logout.action is not protected against XSRF

This is a duplicate of CONF-21758. Please only resolve this ticket when CONF-21758 is fixed...

AI score 1.8
Exploits 0, Affected Software 1

Prion
added 2011/03/08 9:59 p.m., 23 views

Design/Logic Flaw

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote...

CVSS 6.8, AI score 6.9, EPSS 0.00478
Exploits 0, References 2, Affected Software 1

The Hacker News
added 2011/01/28 10:27 a.m., 6 views

Facebook Enhances Security With HTTPS, Remote Disconnect !

Maybe it was Mark Zuckerberg fan site hack that led upgrade security of Facebook, but for some reason, users now have access HTTPS. Facebook will leave the office during the next few weeks, which means that user activity is now encrypted when it hits a Web server. This is mainly useful when you...

AI score 6.9
Exploits 0

NVD
added 2011/01/19 4:0 p.m., 16 views

CVE-2010-3589

Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout...

CVSS 4, AI score 5.5, EPSS 0.00394
Exploits 0, References 5

Prion
added 2011/01/19 4:0 p.m., 13 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout...

CVSS 4, AI score 6.1, EPSS 0.00394
Exploits 0, References 5, Affected Software 1

Cvelist
added 2011/01/19 3:0 p.m., 20 views

CVE-2010-3589

Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout...

AI score 5.5, EPSS 0.00394
Exploits 0, References 5

NVD
added 2010/12/01 4:6 p.m., 17 views

CVE-2008-7269

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action...

CVSS 5.8, AI score 6.6, EPSS 0.03464
Exploits 0, References 3

Cvelist
added 2010/12/01 4:0 p.m., 20 views

CVE-2008-7269

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action...

AI score 6.6, EPSS 0.03464
Exploits 0, References 3

Packet Storm
added 2010/11/05 12:0 a.m., 24 views

Angel LMS 7.3 Cross Site Scripting

I have discovered a security exploit in Angel LMS 7.3 "Colleges and universities worldwide choose the ANGEL LMS to deliver powerful online teaching and learning experiences. ANGEL provides the comprehensive LMS features institutions need in a simple interface that promotes adoption. A recognized...

AI score 0.1
Exploits 0

Fedora
added 2010/09/04 4:57 a.m., 25 views

[SECURITY] Fedora 13 Update: pam_mount-2.5-1.fc13

This module is aimed at environments with central file servers that a user wishes to mount on login and unmount on logout, such as semi-diskless stations where many users can logon. The module also supports mounting local filesystems of any kind the normal mount utility supports, with extra code ...

CVSS 10, AI score 1.5, EPSS 0.09197
Exploits 0

Fedora
added 2010/09/04 4:53 a.m., 39 views

[SECURITY] Fedora 12 Update: pam_mount-2.5-1.fc12

This module is aimed at environments with central file servers that a user wishes to mount on login and unmount on logout, such as semi-diskless stations where many users can logon. The module also supports mounting local filesystems of any kind the normal mount utility supports, with extra code ...

CVSS 10, AI score 1.5, EPSS 0.09197
Exploits 0

NVD
added 2010/09/03 8:0 p.m., 25 views

CVE-2010-2532

lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no...

CVSS 7.2, AI score 6.1, EPSS 0.00117
Exploits 0, References 6