EUVD-2022-3882
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-11406
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x befor...
CVE-2024-43685 Session token fixation in TimeProvider 4100
Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
PT-2023-22093 · Unknown · @Fastify/Csrf-Protection +1
Name of the Vulnerable Software and Affected Versions: @fastify/passport versions prior to the version that includes the configuration options clearSessionOnLogin and clearSessionIgnoreFields Description: The CSRF protection enforced by the @fastify/csrf-protection library, when combined with...
Possible CSRF token fixation
Impact When authenticating users PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. Patches The problem is fixed in versi...
CVE-2023-25170 PrestaShop has possible CSRF token fixation
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery CSRF. When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to...
CVE-2022-24895: Possible CSRF token fixation
More info at https://symfony.com/cve-2022-24895...
Symfony CSRF Token Fixation
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...
CVE-2021-27181
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the...
Sensiolabs Symfony 2.7.x < 2.7.48, 2.8.x < 2.8.41, 3.3.x < 3.3.17, 3.4.x < 3.4.11, and 4.0.x < 4.0.11 Multiple Vulnerabilities
This host runs Symfony and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Cross-site Request Forgery (CSRF) Token Fixation
keycloak services are vulnerable to cross-site request forgery CSRF token fixation attacks. The attack exists because it does not use a unique CSRF token. The KEYCLOAKSTATECHECKER cookie uses a user-agent provided value for login and does not clear it at logout...
DEBIAN-CVE-2018-11406
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...
Cross site request forgery (csrf)
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...
UBUNTU-CVE-2018-11406
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the...
CVE-2018-11406
The CVE-2018-11406 issue affects Symfony's Security component across multiple branches (2.7.x < 2.7.48, 2.8.x < 2.8.41, 3.3.x < 3.3.17, 3.4.x < 3.4.11, 4.0.x
CVE-2018-11406: CSRF Token Fixation
More info at https://symfony.com/cve-2018-11406...
CVE-2018-11406: CSRF Token Fixation
Affected versions Symfony 2.7.0 to 2.7.47, 2.8.0 to 2.8.40, 3.3.0 to 3.3.16, 3.4.0 to 3.4.10, and 4.0.0 to 4.0.10 versions of the Symfony Security component are affected by this security issue. The issue has been fixed in Symfony 2.7.48, 2.8.41, 3.3.17, 3.4.11, and 4.0.11. 4.1.0 has also been fix...