2356 matches found
SA-CONTRIB-2009-070 - Shibboleth authentication - Impersonation, privilege escalation
The Shibboleth authentication module provides user authentication and authorisation based on the Shibboleth Web Single Sign-on system. The module does not properly handle the changes of the underlying Shibboleth session. This can result in impersonation and possible privilege escalation if a user...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout...
Logout is not working on QA-EAC
Select 'Log Out' from the user menu. Note that you haven't been logged out...
CVE-2008-7058
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php...
CVE-2008-7058
CVE-2008-7058 describes a CSRF vulnerability in BandSite CMS 1.1.4 that allows remote attackers to hijack administrator sessions and force a logout via adminpanel/logout.php. The issue is triggered by cross-site requests performed with an authenticated admin, enabling session manipulation withou...
CVE-2009-2150
Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a ...
CVE-2009-2129
Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action...
Open redirect
Open redirect vulnerability in the ibmsecuritylogout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the...
CVE-2008-4284
Open redirect vulnerability in the ibmsecuritylogout servlet in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.x versions, 6.0.x before 6.0.2.33, and 6.1.x before 6.1.0.23 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the administration interface in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allo...
Session must not be invalidated on logout
People ran into problems (http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965) because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...
CVE-2008-4689
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions...
Design/Logic Flaw
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions...