Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Low
SAP Business Objects Unauthorized Audit Information Access
26.02.2015
Onapsis
Med.
SAP Business Objects Unauthorized Audit Information Delete
26.02.2015
Onapsis
Low
SAP Business Objects Information Disclosure Via CORBA
09.10.2014
Will Vandevanter
Med.
SAP Business Warehouse Missing Authorization Check
09.10.2014
Will Vandevanter
Med.
SAP Business Objects Denial Of Service Via CORBA
09.10.2014
Will Vandevanter
Med.
Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass
15.11.2013
Pedro Andujar
High
Zoom Telephonics Multiple Vulns
03.09.2013
K Lovett
CVEMAP Search Results
CVE
Details
Description
2018-06-14
Low
CVE-2018-8927
Vendor:
Synology
Software:
Calendar
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
2018-06-12
Medium
CVE-2017-3960
Vendor:
Mcafee
Software:
Network secu...
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
2018-06-05
Medium
CVE-2018-1000197
Vendor:
Jenkins
Software:
Black duck hub
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.
2018-05-31
Low
CVE-2018-11142
Vendor:
Quest
Software:
Kace system ...
The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization.
2018-05-24
Medium
CVE-2018-1000155
Vendor:
Opennetworking
Software:
Openflow
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instability. This attack appear to be exploitable via Network connectivity: the attacker must first establish a transport connection with the OpenFlow controller and then initiate the OpenFlow handshake.
2018-05-11
Medium
CVE-2018-1258
Vendor:
Pivotal software
Software:
Spring framework
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Low
CVE-2018-1278
Vendor:
Pivotal software
Software:
Pivotal appl...
Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member of any org is able to create invitations to any org for which the org GUID can be discovered. Accepting this invitation gives unauthorized access to view the member list, domains, quotas and other information about the org.
2018-04-30
Low
CVE-2018-1389
Updating...
IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213.
2018-04-25
Medium
CVE-2018-10212
Vendor:
Vaultize
Software:
Enterprise f...
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.
Medium
CVE-2018-10211
Vendor:
Vaultize
Software:
Enterprise f...
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.
Copyright
2018
, cxsecurity.com
Back to Top
