UBUNTU-CVE-2020-1768

The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions...

Qualys Cloud Platform (VM, PC) 8.20 New Features

This new release of the Qualys Cloud Platform VM, PC, version 8.20, includes several new features in Qualys Cloud Platform and additional support for multiple technologies in Qualys Policy Compliance. Feature Highlights Qualys Cloud Platform Configure Password Expiration Notification – Now users...

Pydio Core <= 8.2.2 Information Disclosure Vulnerability - Active Check

Pydio Core is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pydio:pydio";...

CVE-2019-10046

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...

Information disclosure

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...

CVE-2019-10046

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information...

CVE-2019-10046

CVE-2019-10046 affects Pydio 8.2.2 and is an information-disclosure vulnerability where an unauthenticated attacker can obtain details about the application configuration (e.g., session timeout, libraries, license information). Public sources (NVD, RH Red Hat advisory, OpenVAS entry) describe it ...

CVE-2019-5626 BlueCats Reveal Android App Insecure Storage

The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage 30 days of no user activity. This can allow an attacker to compromise the affected BlueCats networ...

Traq 3.7.1 CSRF / XSS / SQL Injection Vulnerabilities

Exploit for php platform in category web applications ================================================= Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers...

Traq 3.7.1 CSRF / XSS / SQL Injection

================================================= Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers [email protected] twitter.com/matthewjland...

Error: "Cannot Complete Your Request" Due to Incorrect Session Timeout Settings on StoreFront

The following error is displayed due to incorrect session time out settings on StoreFront: Cannot Complete Your Request...

Cisco Umbrella Dashboard Session Expiration Issue

Cisco Umbrella uses the internet infrastructure to block connections to malicious destinations before any connections to those destinations can be established. Cisco Umbrella also provides visibility into internet activity across all devices and all ports, even when users are no longer connected ...

IBM Integration Bus Session Hijacking Vulnerability

IBM Integration Bus formerly known as IBM WebSphere Message Broker is an enterprise service bus ESB product from IBM. The product provides connectivity and common data transformations for Service Oriented Architecture SOA environments and non-SOA environments. A session hijacking vulnerability...

Low: Red Hat Security Advisory: org.ovirt.engine-root security, bug fix, and enhancement update

An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager version 4.1. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

ovirt-engine: webadmin log out must logout all sessions

It was discovered that the ovirt-engine webadmin session would not properly enforce timeouts. Browser sessions would remain logged in beyond the administratively configured session timeout period...

Users prompted for the message "Please close your browser to protect your account"

When using Storefront and SAML or smart card authentication, after the user logs off or the session times out, if the user tries to log back in an error is displayed. With Smartcard the error is You cannot log on using a smart card Please close your browser to protect your account SAML...

F5 with StoreFront session timeout closing active sessions

When the StoreFront session times out, it's closing active ICA sessions. We found the issue is only happening when authenticating via F5 frontend. When Authenticating via F5. After 20 minutes the Citrix Desktop and storefront session shuts down. After 17 minutes, a 3 mins countdown starts in the...

Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-0...

Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery

Dasan Networks GPON ONT WiFi Router H64X Series Cross-Site Request Forgery Vendor: Dasan Networks Product web page: http://www.dasannetworks.com | http://www.dasannetworks.eu Affected version: Model: H640GR-02 H640GV-03 H640GW-02 H640RW-02 H645G Firmware: 3.03p1-1145 3.03-1144-01 3.02p2-1141...

meredithwellness.com XSS vulnerability

Vulnerable URL: https://meredithwellness.com/index.php?emsg=Your%20session%20has%20timed%20out%20or%20expired.%20Please%20login%20to%20continue...