CWE:

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | EnBw SENEC Legacy Storage Box Log Disclosure | 20.11.2023 | Ph0s |
| Med. | CVE-2023-36339 WebBoss.io CMS IDOR | 23.07.2023 | Steven n0tst3 Black |
| Low | MOV.AI Robotics Engine 2.2.3-3 Improper Access Control | 13.01.2023 | Thurein Soe |
| High | Dovecot IMAP Server 2.2 Improper Access Control | 08.07.2022 | Julian Brook |
| High | Voltage SecureMail Server Business Logic Bypass | 07.02.2022 | TING Meng Yean |
| Low | WordPress Modern Events Calendar 5.16.2 Information Disclosure | 02.07.2021 | Ron Jost |
| Med. | Realteo WordPress Plugin <= 1.2.3 - Improper Access Control | 02.04.2021 | m0ze |
| Med. | Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation | 23.03.2021 | m0ze |
| Med. | Barco wePresent Undocumented SSH Interface | 21.11.2020 | Jim Becher |
| Med. | Reliable Services Improper Access Control | 12.05.2020 | KingSkrupellos |
| Med. | ThinkTrek Solutions Improper Access Control | 11.05.2020 | KingSkrupellos |
| Med. | Native Sparrow Improper Access Control | 11.05.2020 | KingSkrupellos |
| Med. | MediaCosmo CMS Improper Access Control | 11.05.2020 | KingSkrupellos |
| Med. | Avast Secure Browser 76.0.1659.101 Local Privilege Escalation | 21.03.2020 | Silton Santos |
| High | Avira Free Security Suite 2019 Software Updater 2.0.6.13175 Improper Access Control | 06.08.2019 | Silton Santos |
| Low | Yurdum Software Reflected XSS Privilege Escalation | 17.06.2019 | KingSkrupellos |
| Med. | Blue Prism Robotic Process Automation (RPA) Privilege Escalation | 23.05.2019 | Benjamin Hess |
| Med. | AlumniMagnet OmniMagnet Improper Access Control Vulnerability | 20.05.2019 | KingSkrupellos |
| Med. | Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure | 11.05.2019 | TING Meng Yean |
| Med. | Designed by Longtail E-Media Improper Access Control and RFU Vulnerability | 22.09.2018 | AYAR |
| Low | WordPress Developed by Netsoft Limited Software Development Bangladesh Improper Authentication Vulnerability | 05.09.2018 | KingSkrupellos |
| Med. | WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability | 21.06.2018 | KingSkrupellos |
| High | Solarwinds LEM 6.3.1 Hardcoded Credentials | 25.04.2017 | Matt Bergin |
| Med. | HP Printers Wi-Fi Direct Improper Access Control | 03.02.2017 | Neseso |
| Med. | SAP HANA Information Disclosure | 28.05.2015 | onapsis |
| High | TheCartPress WordPress plugin 1.3.9 Multiple Vulns | 29.04.2015 | High-Tech Bridge Secur... |
| Low | SAP Background Processing RFC Missing Authorization | 29.04.2014 | Onapsis |
| Low | SAP BASIS Missing Authorization Check | 29.04.2014 | Onapsis |
| Low | SAP Profile Maintenance Missing Authorization | 29.04.2014 | Onapsis |
| High | OpenDocMan 1.2.7 Multiple Vulnerabilities | 05.03.2014 | High-Tech Bridge Secur... |
| High | Microweber 0.8 Arbitrary File Deletion | 18.10.2013 | High-Tech Bridge Secur... |
| High | Samsung Kies 2.3.2.12054_20 NULL Pointer Dereference and bypass | 16.10.2012 | High-Tech Bridge Secur... |
| High | PBBoard 2.1.4 SQL Injection and Improper Authentication | 09.08.2012 | High-Tech Bridge Secur... |
| Med. | AWScripts Gallery Search Engine 1.x Insecure Cookie Vulnerability | 01.07.2009 | TiGeR-Dz |

CVEMAP Search Results

| Date | CVE | Description |
|---|---|---|
| 2024-10-22 | CVE-2024-48925 | Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to the settings section. Version 14.3.0 contains a patch. |
| 2024-10-16 | CVE-2020-36838 | The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. |
| 2024-10-16 | CVE-2020-36831 | The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17. This makes it possible for low-privileged attackers, like subscribers, to perform restricted actions that would be otherwise locked to an administrative-level user. |
| 2024-10-15 | CVE-2024-38204 | Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network. |
| 2024-10-11 | CVE-2024-45397 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by packets with a spoofed source address. This behavior allows attackers on the network to execute HTTP requests from addresses that are otherwise rejected by the address-based access control. The vulnerability has been addressed in commit 15ed15a. Users may disable the use of TCP FastOpen and QUIC to mitigate the issue. |
| 2024-10-10 | CVE-2024-45149 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. |
| 2024-10-10 | CVE-2024-45135 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. |
| 2024-10-10 | CVE-2024-45133 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction. |
| 2024-10-10 | CVE-2024-45129 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. |
| 2024-10-10 | CVE-2024-45124 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. |

Copyright 2024, cxsecurity.com