534 matches found
CVE-2024-55470
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
CVE-2024-55470
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
CVE-2024-55470
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the...
PT-2024-36525 · Unknown · Oqtane Framework
Name of the Vulnerable Software and Affected Versions: Oqtane Framework version 6.0.0 Description: The issue concerns Incorrect Access Control, allowing attackers to bypass passcode validation by manipulating the entityid parameter. This enables them to log into the application or access restrict...
CVE-2024-55470
Oqtane Framework 6.0.0 is affected by Incorrect Access Control. The vulnerability arises from insufficient server-side validation of the entityid parameter, allowing an attacker to bypass passcode validation and log in or access restricted data. The root cause is reliance on client-side authentic...
UBUNTU-CVE-2024-11703
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox 133...
PT-2024-34384 · Owncloud · Owncloud
Name of the Vulnerable Software and Affected Versions: Owncloud android apk version 4.3.1 Description: An issue in the Owncloud android application allows a physically proximate attacker to escalate privileges. This is specifically related to the PassCodeViewModel class, in the checkPassCodeIsVal...
Brokerage Wave 安全漏洞
Brokerage Wave is a frontend product from Brokerage, Inc. A security vulnerability exists in Brokerage Wave version 2.0, which stems from a lack of limitations on too many failed authentication attempts for API-based logins, which could allow an attacker to cause unauthorized access by brute-forc...
GHSA-XMMM-JW76-Q7VG Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds default. Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passco...
Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass
Document Title: =============== Apple iOS 17.2.1 - Screen Time Passcode Retrieval Mitigation Bypass Release Date: ============= 2024-09-24 Affected Products: ==================== Vendor: Apple Inc. Product: Apple iOS 17.2.1 possibly all 18.0 excluding 18.0 References: ==================== VIDEO...
Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass Vulnerabilities
A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and...
CVE-2024-8687
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstal...
CVE-2024-8687
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstal...
CVE-2024-8687 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstal...
PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or passcode is known, end users can uninstal...
PT-2024-39177 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS affected versions not specified Description: An information exposure issue exists in the software, allowing a GlobalProtect end user to obtain the configured GlobalProtect uninstall password and the configured disabl...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 24.0.7 Update
New Red Hat build of Keycloak 24.0.7 packages are available from the Customer Portal Red Hat build of Keycloak 24.0.7 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...
Koyo DirectLogic PLC Password Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework msfdev is going to want a bunch of other stuff for style/compat but this works TODO: Make into a real AuthBrute module, although the password pattern is fixed class...
It's best to just assume you’ve been involved in a data breach somehow
Between AT&T, all the follow-on activity from Snowflake, Microsoft Outlook, and more, its best to probably just assume at this point that your personal information has somehow been involved in a data breach. Were only halfway through 2024, and weve already seen some of the largest data breaches a...
Citrix Endpoint Management: Policies Guide
Introduction Citrix XenMobile policies play a pivotal role in shaping how organizations interact with and manage their device ecosystems. By creating and enforcing specific policies, administrators can tailor the behaviour of devices to meet the unique needs of their business environments. Overvi...