CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

Harvest: Unauthorized access to all the actions of invoices by PM (Access control Issues)

Hi Team, Description : Project ManagerFull access Can't access the projects and invoices which are not assigned to him.But this can be bypassed and following action Can be done by Any project manager : 1. Mark as send 2.Mark as draft 3.Mark as closed 4.Mark as open Any manager Can change above...

Managing Cookies

By selecting the Sites… button, you can manage the cookie settings for specific sites. You can add or remove sites, and you can change the current settings for existing sites. The bottom section of this window will specify the domain of the site and the action to take when that site wants to plac...