CWE:
 

Tytuł
Data
Autor
Low
EnBw SENEC Legacy Storage Box Log Disclosure
20.11.2023
Ph0s
Med.
CVE-2023-36339 WebBoss.io CMS IDOR
23.07.2023
Steven n0tst3 Black
Low
MOV.AI Robotics Engine 2.2.3-3 Improper Access Control
13.01.2023
Thurein Soe
High
Dovecot IMAP Server 2.2 Improper Access Control
08.07.2022
Julian Brook
High
Voltage SecureMail Server Business Logic Bypass
07.02.2022
TING Meng Yean
Low
WordPress Modern Events Calendar 5.16.2 Information Disclosure
02.07.2021
Ron Jost
Med.
Realteo WordPress Plugin <= 1.2.3 - Improper Access Control
02.04.2021
m0ze
Med.
Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation
23.03.2021
m0ze
Med.
Barco wePresent Undocumented SSH Interface
21.11.2020
Jim Becher
Med.
Reliable Services Improper Access Control
12.05.2020
KingSkrupellos
Med.
ThinkTrek Solutions Improper Access Control
11.05.2020
KingSkrupellos
Med.
Native Sparrow Improper Access Control
11.05.2020
KingSkrupellos
Med.
MediaCosmo CMS Improper Access Control
11.05.2020
KingSkrupellos
Med.
Avast Secure Browser 76.0.1659.101 Local Privilege Escalation
21.03.2020
Silton Santos
High
Avira Free Security Suite 2019 Software Updater 2.0.6.13175 Improper Access Control
06.08.2019
Silton Santos
Low
Yurdum Software Reflected XSS Privilege Escalation
17.06.2019
KingSkrupellos
Med.
Blue Prism Robotic Process Automation (RPA) Privilege Escalation
23.05.2019
Benjamin Hess
Med.
AlumniMagnet OmniMagnet Improper Access Control Vulnerability
20.05.2019
KingSkrupellos
Med.
Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure
11.05.2019
TING Meng Yean
Med.
Designed by Longtail E-Media Improper Access Control and RFU Vulnerability
22.09.2018
AYAR
Low
WordPress Developed by Netsoft Limited Software Development Bangladesh Improper Authentication Vulnerability
05.09.2018
KingSkrupellos
Med.
WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability
21.06.2018
KingSkrupellos
High
Solarwinds LEM 6.3.1 Hardcoded Credentials
25.04.2017
Matt Bergin
Med.
HP Printers Wi-Fi Direct Improper Access Control
03.02.2017
Neseso
Med.
SAP HANA Information Disclosure
28.05.2015
onapsis
High
TheCartPress WordPress plugin 1.3.9 Multiple Vulns
29.04.2015
High-Tech Bridge Secur...
Low
SAP Background Processing RFC Missing Authorization
29.04.2014
Onapsis
Low
SAP BASIS Missing Authorization Check
29.04.2014
Onapsis
Low
SAP Profile Maintenance Missing Authorization
29.04.2014
Onapsis
High
OpenDocMan 1.2.7 Multiple Vulnerabilities
05.03.2014
High-Tech Bridge Secur...
High
Microweber 0.8 Arbitrary File Deletion
18.10.2013
High-Tech Bridge Secur...
High
Samsung Kies 2.3.2.12054_20 NULL Pointer Dereference and bypass
16.10.2012
High-Tech Bridge Secur...
High
PBBoard 2.1.4 SQL Injection and Improper Authentication
09.08.2012
High-Tech Bridge Secur...
Med.
AWScripts Gallery Search Engine 1.x Insecure Cookie Vulnerability
01.07.2009
TiGeR-Dz


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2024-06-13
Waiting for details
CVE-2024-34107

Updating...
 

 
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

 
Waiting for details
CVE-2024-26029

Updating...
 

 
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

 
Waiting for details
CVE-2024-34112

Updating...
 

 
ColdFusion versions 2023u7, 2021u13 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could exploit this vulnerability to gain unauthorized access to sensitive files or data. Exploitation of this issue does not require user interaction.

 
Waiting for details
CVE-2024-28969

Updating...
 

 
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources.

 
Waiting for details
CVE-2024-28968

Updating...
 

 
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

 
Waiting for details
CVE-2024-28967

Updating...
 

 
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

 
Waiting for details
CVE-2024-28966

Updating...
 

 
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

 
Waiting for details
CVE-2024-28965

Updating...
 

 
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state.

 
2024-06-12
Waiting for details
CVE-2024-2698

Updating...
 

 
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.

 
2024-06-06
Waiting for details
CVE-2024-5248

Updating...
 

 
In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. The platform's role definitions restrict the `Prompt Editor` role to prompt management and project viewing/listing capabilities, explicitly excluding access to user information. However, the endpoint fails to enforce this restriction, allowing users with the `Prompt Editor` role to access the full list of users in the organization. This vulnerability allows unauthorized access to sensitive user information, violating the intended access controls.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top