[Full-Disclosure] 3COM 3crwe754g72-a Information Disclosure, Logs manipulation ...
Title: 3com 3crwe754g72-a Information Disclosure Class: Design Error Affects: 3com 3crwe754g72-a v 1.11 v 1.13 v 1.24 Id: cbsa-0000 Release Date: 2004 10 18 Author : Cyrille Barthelemy [email protected] -- 1. Introduction ------------------ 3Com 3crwe754g72-a is a bundle product which...
LDU (land down under) xss vulnerability
About Product ============= LDU is a php/mysql website engine. Description =========== A cross site scripting vulnerability exists in the BBcodes of the LDU forum. When you add an image to your message on the forum, the script doesn't check if it is javascript. I will give the following proof of...
[Full-Disclosure] Ph0rum phorum_uriauth replay attack
Arhont Ltd.- Information Security Arhont Advisory by: Konstantin Gavrilenko http://www.arhont.com Advisory: Ph0rum phorum_uriauth replay attack Class: design bug ? Version: 4.3.7 Model Specific: Other version might have the same bug Contact Date: 11/05/2004 email sent to [email protected] PD releas...
RemotelyAnywhere - Default.HTML Logout Message Injection
source: https://www.securityfocus.com/bid/9202/info RemotelyAnywhere has been reported prone to a logout message injection weakness. It has been reported that this issue presents itself due to a lack of sufficient restrictions performed by RemotelyAnywhere on user supplied 'reason' URI parameters...
RemotelyAnywhere - Default.HTML Logout Message Injection
RemotelyAnywhere - Default.HTML Logout Message Injection source: https://www.securityfocus.com/bid/9202/info RemotelyAnywhere has been reported prone to a logout message injection weakness. It has been reported that this issue presents itself due to a lack of sufficient restrictions performed by...
Rediff Bol 2.0.2 - URL Handling Denial of Service
Rediff Bol 2.0.2 - URL Handling Denial of Service source: https://www.securityfocus.com/bid/6670/info It has been reported that a problem in Rediff Bol may allow remote users to log other users out of the Bol chat client. Due to improper handling of some types of requests, a remote user could sen...
Rediff Bol 2.0.2 - URL Handling Denial of Service
source: https://www.securityfocus.com/bid/6670/info It has been reported that a problem in Rediff Bol may allow remote users to log other users out of the Bol chat client. Due to improper handling of some types of requests, a remote user could send a URL request to the client in the form of a...
CVE-2002-0673
The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions...
CVE-1999-1528
ProSoft Netware Client 5.12 for Macintosh MacOS 9 fails to log a user out of the NDS tree on system logout, potentially allowing other local users to access an unprotected NDS session. This CVE (CVE-1999-1528) is described in public records as a local-privilege/access concern with partial confide...
CVE-2000-0378
The vulnerability CVE-2000-0378 affects the pam_console PAM module in Linux systems. It arises because the module performs a chown on various devices at user login, and an open file descriptor for those devices can remain open after logout. This allows the user to sniff activity on those devices ...
pam_console.bug
When accepting luser console login, pam_console called by /bin/login tries to be user-friendly, doing several chowns on devices like login tty and corresponding vcsa device, as well as other interesting devices: fd, audio devices dsp, mixer, audio, midi, sequencer, cdrom, streamer/zip drive device...
pam_console bug
When accepting luser console login, pam_console called by /bin/login tries to be user-friendly, doing several chowns on devices like login tty and corresponding vcsa device, as well as other interesting devices: fd, audio devices dsp, mixer, audio, midi, sequencer, cdrom, streamer/zip drive device...
CVE-1999-1528
ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session...
CVE-1999-0355
CVE-1999-0355 affects ControlIT 4.5, where local or remote users can force a reboot or log out, causing a denial of service. The PT-1999-1044 entry confirms affected software and the DoS behavior but does not provide a fix or patched version in the supplied materials. No exploitation details or i...
CVE-1999-0355
Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service...
Use token when logging out
More info at https://phabricator.wikimedia.org/T25227...