15 matches found
CVE-2002-1849
ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with...
WordPress Iron Security 2.2.3 IP Spoofing
WordPress Iron Security plugin versions 2.2.3 and below suffer from a source IP spoofing vulnerability. WordPress Plugin Iron Security - IP Spoofing Exploit Author: bRpsd | cyatlive.no Date: March 20, 2025 Product: https://wordpress.org/plugins/iron-security/ Version: 2.2.3 and below CVE: N/A...
Cross site scripting
FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product...
Information disclosure
An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin...
CVE-2023-36492
Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...
CVE-2023-39153
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-33006
A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2023-27918
Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in to the WordPress where the product is installed visit a malicious URL...
Information Disclosure
github.com/traefik/traefik is vulnerable to information disclosure. The vulnerability exists in the New function of circuitbreaker.go because the authorization header is displayed in the debug logs, allowing an attacker to access the user logging system and steal user credentials...
CVE-2022-27231
Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product...
CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a “su...
Insecure Logout
intercom-rails is vulnerable to insecure logouts. The library does not delete cookies on a user logging out, meaning that users aren't properly signed out, allowing a malicious user to access the system as a different user...
Tincat Network Library Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12912/info Tincat is reported prone to a remote buffer overflow vulnerability. It is reported that this issue exists in the function responsible for logging users that have connected to a game server. A successful attack...
Click Logger
Added: 09/30/2009. Background: This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations: The target must be present in the license key but is...
Tincat Network Library - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/12912/info Tincat is reported prone to a remote buffer overflow vulnerability. It is reported that this issue exists in the function responsible for logging users that have connected to a game server. A successful attack can allow an attacker to gain...