16 matches found
CVE-2025-66289
Summary: CVE-2025-66289 affects OrangeHRM versions 5.0–5.7, where sessions are not invalidated when a user is disabled or a password changes, allowing active session cookies to remain valid indefinitely. This enables continued access to protected pages by disabled users or attackers using comprom...
CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...
Linux Distros Unpatched Vulnerability : CVE-2019-1010054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, disable users and disable password...
CVE-2019-1010054
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin access...
CVE-2024-46892
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing...
CVE-2023-39376
SiberianCMS - CWE-284 Improper Access Control: Authorized user may disable a security feature over the network...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP Germany. The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces. The vulnerability can be exploited to crash the...
GHSA-HWMC-V6J6-GC2P Dolibarr Cross Site Request Forgery (CSRF)
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin access...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability (CNVD-2022-33128)
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP Germany. SAP 3D Visual Enterprise Viewer - version 9.0 is vulnerable to an input validation error that could be exploited to crash the application and temporarily disable the user until the application is restarted. The application can ...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP Germany. SAP 3D Visual Enterprise Viewer version 9.0 is vulnerable to an input validation error that could be exploited to crash the application and temporarily disable the user until the application is restarted. The application can be...
PT-2021-17177 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 1.8.4 Description: The issue arises from the fact that tokens remain active even after the associated user account has been disabled. This is due to a problem in the util/session/sessionmanager.go file...
UBUNTU-CVE-2019-1010054
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, disable users and disable password encryption. The component is: Function User password change, user disable and password encryption. The attack vector is: admin access...
PT-2019-11451 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 7.0.0 Description: The issue allows malicious HTML to change user passwords, disable users, and disable password encryption. It is related to the function that handles user password changes, user disablement, and password...
CVE-2005-0311
Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources...