Lucene search
K

216 matches found

Atlassian
Atlassian
added 2010/11/23 3:38 a.m.18 views

Increase the web session timeout from 60 minutes to 300 minutes

Usability and security testing have shown that XSRF time out is annoying people in the wild. The security guy Vitaly has ok'ed the limit to be increased. This has been done on trunk along with other changes and should be done on 4.3 branch as well...

1.4AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2010/01/26 12:0 a.m.91 views

FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities

Hi all; It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. As always, we highly...

7.5CVSS0.2AI score0.01391EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2008/11/03 12:0 a.m.32 views

Fedora 8 : phpMyAdmin-3.0.1.1-1.fc8 (2008-9336)

This update by upstream to phpMyAdmin 3.0.1.1 solves CVE-2008-4775, a XSS issue in pmdpdf.php via db parameter when registerglobals is enabled. - GUI SQL error after sorting a subset - lang Catalan update - lang Russian update - import Temporary uploaded file not deleted - auth Cannot create...

2.6CVSS5.5AI score0.0606EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2008/11/03 12:0 a.m.24 views

Fedora 9 : phpMyAdmin-3.0.1.1-1.fc9 (2008-9316)

This update by upstream to phpMyAdmin 3.0.1.1 solves CVE-2008-4775, a XSS issue in pmdpdf.php via db parameter when registerglobals is enabled. - GUI SQL error after sorting a subset - lang Catalan update - lang Russian update - import Temporary uploaded file not deleted - auth Cannot create...

2.6CVSS5.5AI score0.0606EPSS
Exploits0References3
Atlassian
Atlassian
added 2008/01/23 2:4 p.m.21 views

Different IE browser windows have different sessions and different session timeout timing

One of our user reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session, it depends on the way you login: 1 When you login via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...

7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/01/23 2:4 p.m.37 views

Different IE browser windows have different sessions and different session timeout timing

One of our user reported the following: ---- I discovered the reason why JIRA sometimes closes my IE session, it depends on the way you login: 1 When you login via navigation to your home page http://support/jira/secure/Dashboard.jspa all is ok, multiple JIRA sessions never expire. 2 When you log...

7AI score
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.17 views

Debian: Security Advisory (DSA-662-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.03614EPSS
Exploits0References3
myhack58
myhack58
added 2006/05/21 12:0 a.m.18 views

session spoofing and password theft probe-vulnerability warning-the black bar safety net

session spoofing article first briefly about the General asp system of the authentication principle. In General, the backend administrator login page enter the account password, the program will take him to submit a user name and password to the database administrator table to find if there is th...

6.9AI score
Exploits0
Debian
Debian
added 2005/03/14 2:24 p.m.29 views

[SECURITY] [DSA 662-2] New squirrelmail package fixes regression

-------------------------------------------------------------------------- Debian Security Advisory DSA 662-2 [email protected] http://www.debian.org/security/ Martin Schulze March 14th, 2005 http://www.debian.org/security/faq -...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/02/02 12:0 a.m.31 views

Debian DSA-662-2 : squirrelmail - several vulnerabilities

Andrew Archibald discovered that the last update to squirrelmail which was intended to fix several problems caused a regression which got exposed when the user hits a session timeout. For completeness below is the original advisory text : Several vulnerabilities have been discovered in...

7.5CVSS5.3AI score0.03614EPSS
Exploits0References5
OSV
OSV
added 2005/02/01 12:0 a.m.37 views

DSA-662-1 squirrelmail - several

Bulletin has no description...

7.5CVSS6AI score0.03614EPSS
Exploits0
NVD
NVD
added 2002/08/12 4:0 a.m.11 views

CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache...

4.6CVSS6.7AI score0.00439EPSS
Exploits1References3
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.17 views

CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache...

6.7AI score0.00439EPSS
Exploits1References3
Cvelist
Cvelist
added 2001/09/12 4:0 a.m.14 views

CVE-1999-1151

Compaq/Microcom 6000 Access Integrator does not cause a session timeout after prompting for a username or password, which allows remote attackers to cause a denial of service by connecting to the integrator without providing a username or password...

6.8AI score0.01258EPSS
Exploits0References2
securityvulns
securityvulns
added 2000/12/02 12:0 a.m.54 views

Windows 2000 Telnet Service DoS

Below is the original message sent to Microsoft, and since apparently 'Disclosure Procedures' are once again in focus... 11/08/2000 - Issue is reported to Microsoft's Security Response Team [email protected] 11/10/2000 - Microsoft confirmed receipt 11/21/2000 - Microsoft responded that they...

7.2AI score
Exploits0
NVD
NVD
added 1998/06/03 4:0 a.m.7 views

CVE-1999-1151

Compaq/Microcom 6000 Access Integrator does not cause a session timeout after prompting for a username or password, which allows remote attackers to cause a denial of service by connecting to the integrator without providing a username or password...

5CVSS0.01258EPSS
Exploits0References2
Rows per page
Query Builder