TomatoCart 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
Date: Sun 11 Jul 2010 05:01:51 PM EEST Vendor: http://www.tomatocart.com/ Download: http://www.tomatocart.com/component/extensionmanage/?task=downloadfiles&file=tomatocart-1.0.1.zip --- -= CSRF PoC 1 - Create Admin User =- TomatoCart 1.0.1 Multiple CSRF Vulnerabilities - Create Admin User -= CSRF...
TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Date: Sun 11 Jul 2010 03:36:08 PM EEST Vendor: http://www.tomatocms.com/ Download: None --- -= CSRF PoC 1 - Change Administrator Password =- TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create Admin User =- TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities -...
Orbis CMS 1.0.2 - Multiple Cross-Site Request Forgery Vulnerabilities
Date: Sun 11 Jul 2010 08:08:10 PM EEST Vendor: http://www.novo-ws.com/orbis-cms/ Download: http://www.ohloh.net/p/orbis-cms/download?filename=orbis-1.0.2.zip --- -= CSRF PoC 1 - Change Admin Password =- Orbis CMS 1.0.2 Multiple CSRF Vulnerabilities - Change Admin Password -= CSRF PoC 2 - Create...
Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities
Date: Sun 11 Jul 2010 10:22:48 AM EEST Vendor: http://www.madebyfrog.com/ Download: http://www.madebyfrog.com/public/download/files/frog095.tar.gz --- -= CSRF PoC 1 - Create Admin User =- Frog CMS 0.9.5 Multiple CSRF Vulnerabilities - Create Admin User -= CSRF PoC 2 - Delete User =- img...
Elite CMS 1.01 - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
Name: Elite CMS 1.01 Multiple XSS/CSRF Vulnerabilities Author: 10n1z3d Date: Sat 10 Jul 2010 08:05:44 PM EEST Vendor: http://elitecms.net/ Download: http://elitecms.net/download.php?download=eliteCMS -= CSRF PoC 1 - Change Admin Password =- Elite CMS 1.01 Multiple XSS/CSRF Vulnerabilities - Chang...
CVE-2009-4907
Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog...
Logout Button / Option Missing for some LDAP user accounts
Instance Details / Description: The logout option to kill sessions is not present for some user accounts, i.e. the zzsvat01-05 test accounts. It is believed that this is caused by LDAP user accounts that don't have a first and / or last name present. For these specific rare instances i.e. probably...
Gmail Checker Plus Chrome Extension Cross Site Scripting / Cross Site Request Forgery
Gmail Checker plus Chrome extension XSS/CSRF II extension: https://chrome.google.com/extensions/detail/gffjhibehnempbkeheiccaincokdjbfe advisory: http://lostmon.blogspot.com/2010/06/gmail-checker-plus-chrome-extension.html Exploit available: yes vendor notify: NO So in this case "Google Mail Checke...
Orkut Scrapbook Forced Logout
Hello, there is a small bug in the Orkut scrapbook: if anyone sends a scrap containing the following code, then the recipient will log out automatically from Orkut. The same thing occurred to me while I was browsing and mail was sent to me from my friend Nikhil, and in case the same thing occurs with yo...
CVE-2009-4829
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-7255
loginscreen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation...
CVE-2010-1135
The userlogout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse...
Microsoft Windows Client/Server Run-time Subsystem
Invalid process termination on user's logout...
SA-CONTRIB-2009-114 - Automated Logout - Cross Site Scripting
This module provides a site administrator the ability to log users out after a specified time of inactivity. The module does not sanitize some of the user-supplied data before displaying it, leading to a cross-site scripting (XSS) vulnerability. Users who can take advantage of this vulnerability...
CVE-2009-4314
Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device...