Session Fixation
Overview: better-auth is the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Session Fixation via the constantTimeEqual function in the crypto/buffer.ts file. An attacker can cause arbitrary user sessions to be revoked by forging...
GHSA-WMJR-V86C-M9JJ Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Summary: A vulnerability was identified in the multi-session plugin for Better Auth, specifically in the /sign-out after-hook. The hook trusts raw multi-session cookies and forwards the extracted values directly to internalAdapter.deleteSessions without verifying the cookie signature. Because cook...
Better Auth's multi-session sign-out hook allows forged cookies to revoke arbitrary sessions
Summary: A vulnerability was identified in the multi-session plugin for Better Auth, specifically in the /sign-out after-hook. The hook trusts raw multi-session cookies and forwards the extracted values directly to internalAdapter.deleteSessions without verifying the cookie signature. Because cook...
EUVD-2021-17821
Malware in sbrugna...
EUVD-2021-1066
Malware in sbrugna...
Citrix DaaS | Workspace expiration period forced Users to re-authenticate
When the user logs in to the workspace URL, they experience unexpected behavior while using CWA. - They will be prompted to keep themselves logged in due to an Inactive policy set. - Once they select keep me logged in, the workspace page gets refreshed and they don't see any apps or desktops...
Improper Session Termination
umbraco.cms is vulnerable to Improper Session Termination. The vulnerability is due to the server session not being fully terminated during an explicit sign-out, which could allow unauthorized access...
GHSA-WXW9-6PV9-C3XC Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Impact: During an explicit sign-out, the server session is not fully terminated...
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Impact: During an explicit sign-out, the server session is not fully terminated...
CVE-2024-48929 Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out
Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue...
PT-2024-33276 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 13.x prior to 13.5.2; Umbraco versions 10.x prior to 10.8.7. Description: The issue occurs during an explicit sign-out, where the server session is not fully terminated. This affects Umbraco, a free and open source .NET content...
September 30, 2024—KB5043178 (OS Build 26100.1882) Preview
September 30, 2024—KB5043178 (OS Build 26100.1882) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. Note: Follow @WindowsUpdate to find out when new content is published to the Windows release health...
PKP OPEN JOURNAL SYSTEMS Input Validation Error Vulnerability
PKP OPEN JOURNAL SYSTEMS (PKP OJS) is an end-to-end scholarly publishing platform from PKP, Inc. An input validation error vulnerability exists in PKP OPEN JOURNAL SYSTEMS 3.4.0-6 and earlier versions, which stems from the parameter source in file /login/signOut that causes an open redirect...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada Inc. which provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.1.10.0 and earlier, which stems from incorrect input validation and allows an attack...
Insufficient Session Expiration
github.com/greenpau/caddy-security is vulnerable to Insufficient Session Expiration. The vulnerability is due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain...
Insufficient Session Expiration in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers w...
Session fixation
All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers w...
PT-2024-18908
Name of the Vulnerable Software and Affected Versions: github.com/greenpau/caddy-security, affected versions not specified. Description: The issue is related to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid ev...
CVE-2023-28003
A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account...
ID Withdrawn
easyii CMS is a simple CMS for simple websites developed by individual developer noumo. easyii CMS has a cross-site request forgery vulnerability in the /admin/sign/out file. An attacker can exploit this vulnerability to cause cross-site request forgery...