Session Fixation in ipsilon

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

UPM Policy - "Enable multi-session write back with Fslogix Profile Container" not working for local admins

Changes made in multiple sessions do not persist on logoff even after configuring "Enable multi-session write-back for FSLogix Profile Container" policy Note: The policy is available from Profile Management 2003 onwards...

Outlook Search Indexing Fails on Windows Server 2019 VDA

When setting up a Windows Server 2019 virtual machine with Multi session VDA 1912, Outlook Search Indexing is not function properly. In this scenario, User Profile Management functions as expected, and the OutlookOST and OutlookSearchIndex VHDX disks are properly mounted when user signed in...

curl: Use of connection struct after free

A use-after-free flaw was found in libcurl. When invoking curleasyperform after cleaning up a multi session, an application can be tricked into using libcurl to connect to a malicious server, allowing an attacker to potentially execute arbitrary code. The highest threat from this vulnerability is...

EggShell - iOS/macOS Remote Administration Tool

EggShell is an iOS and macOS post exploitation surveillance pentest tool written in Python. This tool creates 1 line multi stage payloads that give you a command line session with extra functionality. EggShell gives you the power and convenience of uploading/downloading files, taking pictures,...

CVE-2016-8638

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

Design/Logic Flaw

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

CVE-2016-8638

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

PT-2017-9715 · Red Hat +1 · Ipsilon +2

Name of the Vulnerable Software and Affected Versions: ipsilon versions 1.0 through 1.0.2 ipsilon versions 1.1 through 1.1.1 ipsilon versions 1.2 through 1.2.0 ipsilon versions 2.0 through 2.0.1 Description: A issue was found that allows an attacker to log out active sessions of other users. This...

GateOne Beta - Terminal emulator for HTML5 web browsers

GateOne Beta - Terminal emulator for HTML5 web browsers The software makes use of WebSockets to connect a server backend written in Python and a frontend written for modern browsers in JavaScript, HTML5 and CSS. The frontend doesn't require any browser plug-ins to be installed.Gate One also...