2505 matches found
About the security content of iCloud for Windows 7.5
About the security content of iCloud for Windows 7.5 This document describes the security content of iCloud for Windows 7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
About the security content of iTunes 12.7.5 for Windows
About the security content of iTunes 12.7.5 for Windows This document describes the security content of iTunes 12.7.5 for Windows. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patche...
Design/Logic Flaw
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter...
Vimeo: Improper Authentication in Vimeo's API 'versions' endpoint.
The versions endpoint was exploitable by accounts that were not pro or business. Issue -- There was an authorization issue in versions endpoint, Which on exploiting could allow an attacker to leak private videos of pro/business users due to the fact version is only applicable for pro/business...
CVE-2017-0927
Removed by vendor...
Code injection
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant of access. IBM X-Force ID: 111783...
Authorization
In SAP Solution Manager 7.20, the role SAPBPOCONFIG gives the Business Process Operations BPO configuration user more authorization than required for configuring the BPO tools...
CVE-2017-17693
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback...
CVE-2017-1628
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks...
Huawei FusionSphere OpenStack Licensing Issue Vulnerability
Huawei FusionSphere OpenStack is a suite of FusionSphere cloud operating system cloud platform software for ICT scenarios from Huawei, China. An authorization issue vulnerability exists in Huawei FusionSphere OpenStack version V100R006C00, which stems from an unreasonable privilege configuration...
CVE-2017-14007
CVE-2017-14007 affects the ProMinent MultiFLEX M10a Controller web interface. The issue is Insufficient Session Expiration: a user’s session remains usable beyond the last activity, allowing an attacker to reuse an old session for authorization. Public sources (NVD) document the vulnerability wit...
Huawei FusionSphere Authorization Issues Vulnerability
Huawei FusionSphere, a product of Huawei, is a cloud operating system product developed based on the OpenStack framework. Huawei FusionSphere suffers from an authorization issue vulnerability, which can be exploited by an attacker to execute arbitrary commands, which in turn can query, modify, an...
Authorization
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This causes a denial of service. This might be...
PT-2022-13726 · Phpipam +1 · Phpipam +1
Name of the Vulnerable Software and Affected Versions: phpipam/phpipam versions prior to 1.4.6 Description: The issue is related to improper access control, which can lead to incorrect authorization. Recommendations: For versions prior to 1.4.6, update to version 1.4.6 or later to resolve the iss...
CVE-2015-4298
CVE-2015-4298 affects Cisco Unified Web and E-Mail Interaction Manager (versions 9.0(2) and 11.0(1)). The root cause is improper authorization handling that allows remote authenticated users to read or write stored data via unspecified vectors. The vulnerability results from insufficient validati...
CVE-2014-3896
Multiple cross-site request forgery CSRF vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting...
Important: Red Hat Security Advisory: JBoss Remoting security update
This advisory contains instructions on how to resolve one security issue found in the JBoss Remoting component, which is included in Red Hat JBoss Enterprise Application Platform 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1. The Red Ha...
Authorization
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently...
CVE-2014-0908
The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...
CVE-2012-3356
Removed by vendor...