5823 matches found
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...
CVE-2017-16773
CVE-2017-16773 affects Synology Universal Search, specifically the Highlight Preview component, prior to version 1.0.5-0135. The root cause is an improper authorization check that allows remote authenticated users to bypass directory permissions in POSIX mode. Impact is the ability to access or b...
CVE-2017-16773
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode...
Security Bulletin: Improper authorization by non-admin user in IBM Content Navigator (CVE-2014-0858)
Summary Using 3rd party tools, a non-admin user can modify the URL action so that instead of a getAction, the user can perform a deleteAction against the configuration database. Vulnerability Details CVEID: CVE-2014-0858 DESCRIPTION: Improper authorization by non-admin user CVSS Base Score: 3.5...
Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Improper Authorization Vulnerability (CVE-2016-0239)
Summary IBM Security Guardium Database Activity Monitor could allow a remote authenticated attacker to issue a specially HTTP request as administrator. Vulnerability Details CVEID: CVE-2016-0239 DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a remote authenticated attack...
Synology Calendar Improper Authorization Vulnerability
Synology Calendar is a file protection program from Synology that runs on Synology NAS devices. An authorization issue vulnerability exists in SYNO.Cal.Event in Synology Calendar. A remote attacker can exploit this vulnerability to create arbitrary events with the 'calid' or 'originalcalid'...
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...
Authorization
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...
CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the 1 calid or 2 originalcalid parameter...
CVE-2018-8927
The CVE-2018-8927 entry concerns Synology Calendar (SYNO.Cal.Event). The vulnerability is an improper authorization issue in Calendar before version 2.1.2-0511, enabling remote authenticated users to create arbitrary events through the cal_id or original_cal_id parameters. The provided documents ...
OpenFlow has multiple vulnerabilities
OpenFlow is an open source network communication protocol, a data link layer that controls the forwarding plane of a network switch or router, and is considered one of the first software-defined networking SDN standards. A denial of service and improper authorization vulnerability exists in the...
CVE-2018-1000155
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID DataPath IDentifier in the featuresreply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network...
CVE-2018-1000155
OpenFlow vulnerability CVE-2018-1000155 affects OpenFlow 1.0 and later during the handshake: the DPID in features_reply is treated as trusted by the controller, enabling Denial of Service and Improper Authorization. The issue can lead to DoS, Unauthorized Access, and network instability once an a...
CVE-2018-1000155
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID DataPath IDentifier in the featuresreply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network...
PT-2018-25: Improper Authorization in PRTG Network Monitor
The specialists of the Positive Research center have detected an Improper Authorization vulnerability in PRTG Network Monitor. Vulnerability due to improper validation of user rights allows attackers with read-only privileges to create users with read-write privileges including administrators via...
PT-2018-24: Authentication Bypass, Improper Authorization and Local File Inclusion in PRTG Network Monitor
The specialists of the Positive Research center have detected an Authentication Bypass, Improper Authorization and Local File Inclusion in PRTG Network Monitor. Vulnerability allows remote unauthenticated attackers to create users with read-write privileges including administrators by overriding...
Vaultize Enterprise File Sharing Design Vulnerability
Vaultize Enterprise File Sharing is an enterprise file sharing solution from Vaultize Technologies, USA. The solution includes features such as data retention management, versioning, secure data handling, data backup and recovery. A security vulnerability exists in Vaultize Enterprise File Sharin...
Multiple IBM Products Jazz Team Server Denial of Service Vulnerabilities
IBM Rational Collaborative Lifecycle Management CLM and others are products of IBM Corporation in the U.S. IBM Rational Collaborative Lifecycle Management is a set of collaborative lifecycle management solutions.Rational Rational Collaborative Lifecycle Management CLM is a collaborative lifecycle...
CVE-2018-10212
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value...