121 matches found
CVE-2019-20144
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control...
CVE-2019-15932
Intesync Solismed 3.3sp has Incorrect Access Control...
CVE-2019-16872
Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4)...
CVE-2019-10457
A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2018-14866
Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that they do not own by making an RPC call before garbage collection occurs...
CVE-2018-18958
OPNsense 18.7.x before 18.7.7 has Incorrect Access Control...
CVE-2018-15207
BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin...
CVE-2019-1000017
Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in the Tickets component that can result in an authenticated user being able to read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticketid=ticket...
Plone and Zope2 affected by Race Condition
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...
Sandbox Escape
AccessControl is vulnerable to sandbox escapes. Attackers can use the str.format function through web templates to access private content. Note: this is only relevant for projects using Python 2.6 or greater...
IBM WebSphere Portal Information Disclosure Vulnerability
IBM WebSphere Portal is prone to an information disclosure vulnerability...
IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF19 PI51395 and PI53426 Multiple Vulnerabilities
The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF19 with interim fixes PI51395 and PI53426. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the Portal AccessControl REST API that allows an...
IBM WebSphere Portal AccessControl REST API Information Disclosure (PI51395)
The version of IBM WebSphere Portal installed on the remote Windows host is affected by an information disclosure vulnerability due to improper access control enforcement of the REST API. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to gain access to...
CVE-2015-7447
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified...
CVE-2012-5507
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...
PYSEC-2014-49
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...
Input validation
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...
PYSEC-2014-75
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...
CVE-2012-5507
CVE-2012-5507 affects Zope before 2.13.19 (as used in Plone before 4.2.3 and in 4.3 before beta 1). A timing-attack vulnerability in AccessControl/AuthEncoding.py could let remote attackers obtain passwords during validation. The issue is documented in multiple advisories under Plone/Zope referen...
CVE-2013-3009
CVE-2013-3009 affects IBM Java runtimes where the com.ibm.CORBA.iiop.ClientDelegate class exposes the java.lang.reflect.Method.invoke method, enabling remote attackers to call setSecurityManager and bypass sandbox protections via vectors related to the AccessController doPrivileged block. Affecte...