CVE-2010-2473
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked...
CVE-2013-2994
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors...
FreeBSD : drupal -- multiple vulnerabilities (b3531fe1-2b03-11df-b6db-00248c9b4be7)
Drupal Team reports: A user-supplied value is directly output during installation, allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed. The API function drupal_goto is susceptible to a phishing attack. An...
IMail < 7.06 Account Hijack Vulnerability
The remote host is running the IMail web interface. In this version, the session is maintained via the URL. It will be disclosed in the Referer field if you receive an email with external links, e.g. images. SPDX-FileCopyrightText: 2003 Michel Arboi. Some text descriptions might be excerpted from a...