CVE-2023-27301
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access...
autostloukas.gr Improper Access Control vulnerability OBB-3831386
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
icodesign.com Improper Access Control vulnerability OBB-3826776
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
upembroidery.com Improper Access Control vulnerability OBB-3814264
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
outofboundsradioshow.com Improper Access Control vulnerability OBB-3806638
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ludmilaschuster.com Improper Access Control vulnerability OBB-3804088
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-48815
kkFileView v4.3.0 is vulnerable to Incorrect Access Control...
CVE-2023-48894
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function...
cenatidiomas.com Improper Access Control vulnerability OBB-3795388
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bradrozier.com Improper Access Control vulnerability OBB-3794599
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
funerariaanoia.cat Improper Access Control vulnerability OBB-3789177
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-43336
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101...
Zope Information Disclosure Vulnerability (GHSA-8xv7-89vj-q48c)
Zope is prone to an information disclosure vulnerability through Python SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zope:zope...
CVE-2023-39376 SiberianCMS - CWE-284: Improper Access Control Authorized user may disable a security feature over the network
SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network...
New Ward Can Revoke Admin Access
Lines of code Vulnerability details Impact A newly added ward can remove all the wards from the system, including the admin one. Proof of Concept There is not a mechanism to prevent newly added wards from removing everyone else's access to the contracts, including the admin. Tools Used Manual...
No way to revoke Approval in DelegateToken.approve leads to unauthorized calling of DelegateToken.transferFrom
Lines of code Vulnerability details Impact There is no way to revoke the approval which is given via DelegateToken.approve(address,delegateTokenId). They are able to call the DelegateToken.transferFrom even if the tokenHolder revokes the permission using the DelegateToken.setApprovalForAll if the spender...
Information Disclosure
AccessControl is vulnerable to Information Disclosure. The vulnerability is due to the format_map function, which allows attackers controlling the format string to read objects accessible via getattr and getitem, which can result in a critical information disclosure...
Information disclosure in AccessControl
Impact Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown getattr and getitem, not the policy...
ethyca-fides (>=2.10.0 <=2.18.0) potentially affected by CVE-2023-41050 via accesscontrol (=6.0.0)
accesscontrol PYPI version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on accesscontrol and may be impacted: - ethyca-fides >=2.10.0, <=2.18.0 Source cves: CVE-2023-41050 Source advisory: OSV:GHSA-8XV7-89VJ-Q48C...
GHSA-8XV7-89VJ-Q48C Information disclosure in AccessControl
Impact Python's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown getattr and getitem, not the policy...