9 matches found
FreeScout Security Bypass Vulnerability
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that can be exploited by an attacker to gain initial access to an account by leveraging an invitation li...
FreeScout 安全漏洞
FreeScout is an ultra-lightweight and powerful free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that can be exploited by an attacker to gain initial access to an account by leveraging an invitation li...
CVE-2019-5468
An privilege escalation issue was discovered in Gitlab versions 12.1.2, 12.0.4, and 11.11.6 when Mattermost slash commands are used with a blocked account...
CVE-2023-42481
In SAP Commerce Cloud - versions HYCOM 1905, HYCOM 2005, HYCOM2105, HYCOM 2011, HYCOM 2205, COMCLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, d...
Upgraded Q -> 2 from #481 [1700080840600]
Judge has assessed an item in Issue 481 as 2 risk. The relevant finding follows: A blocked/sanctioned account can still received interest --- The text was updated successfully, but these errors were encountered: All reactions...
DRUPAL-CONTRIB-2022-001
This module enables you to login with an email address. The module doesn't sufficiently check if a user account is active when using email login. This vulnerability is mitigated by the fact that an attacker must have an account in the website that is blocked...
CVE-2019-5468
An privilege escalation issue was discovered in Gitlab versions 12.1.2, 12.0.4, and 11.11.6 when Mattermost slash commands are used with a blocked account...
CVE-2019-5468
An privilege escalation issue was discovered in Gitlab versions 12.1.2, 12.0.4, and 11.11.6 when Mattermost slash commands are used with a blocked account...
Information disclosure
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked...