122 matches found
CVE-2022-21568
The CVE-2022-21568 vulnerability affects Oracle E-Business Suite, specifically the iReceivables component (Access Request). Affected versions are 12.2.3–12.2.11. The issue allows a low-privilege attacker who can access the application over HTTP via the network to potentially access sensitive data...
CVE-2020-24655
A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices, effectively bypassing the PIN requirement...
CVE-2020-13275
A user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1...
Design/Logic Flaw
A user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1...
Default credentials
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/...
U.S. Dept Of Defense: [HTA2] Receiving████ access request on @wearehackerone.com email address
Hi, Description I'm not exactly sure what happened, but it seems that my researcher email [email protected] has been added in a group that receives new user access request from MIDRP. ████████ ██████████ Steps to reproduce I'm honestly not sure what happened. I did test a few .███...
CVE-2019-3761
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module. A remote authenticated malicious user could potentially exploit this vulnerability to store malicio...
CVE-2019-3761
The CVE-2019-3761 entry describes a stored cross-site scripting vulnerability in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products released before 7.1.0 P08, specifically in the Access Request module. A remote authenticated attacker could store malicious HTML or ...
Multiple Cisco Products IOS XE Software Elevation of Privilege Vulnerability
Cisco 4000 Series Integrated Services Routers and others are different models of router products from Cisco USA, in which IOS XE Software, an operating system developed by Cisco for its network devices, is used. An elevation of privilege vulnerability exists in the shell access request mechanism o...
Email Phishers Using New Way to Bypass Microsoft Office 365 Protections
Phishing works no matter how hard a company tries to protect its customers or employees. Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used...
Request access to this page. userFullName can be modified.
Steps to reproduce: 1. Create a page and grant permissions only for you. 2. Modify this URL to point to your pageId: https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3. You will be asked to grant Scott Farquhar...
WinRadius Server Denial of Service Vulnerability
WinRadius Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
WinRadius Server Access Request Packet Parsing DoS Vulnerability
WinRadius Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
CVE-2012-3816
WinRadius Server 2009 allows remote attackers to cause a denial of service crash via a long password in an Access-Request packet...
Cross site request forgery (csrf)
WinRadius Server 2009 allows remote attackers to cause a denial of service crash via a long password in an Access-Request packet...