101 matches found
PT-2024-2150 · Hikvision · Hikcentral Professional
Name of the Vulnerable Software and Affected Versions: HikCentral Professional affected versions not specified Description: The issue is related to insufficient server-side validation, which could allow an attacker to gain access to certain URLs that they should not have access to. This is a...
Inadequate Access Control
moodle/moodle is vulnerable to Inadequate Access Control. This vulnerability allows unauthorized access by local users to create arbitrary events intended for higher roles. An attacker can add events to the calendar of all users without their prior consent...
PT-2024-1548 · Unknown · Aria Operations For Networks
Name of the Vulnerable Software and Affected Versions: Aria Operations for Networks affected versions not specified Description: A local privilege escalation issue exists in Aria Operations for Networks, related to inadequate access control. This issue can be exploited by a console user with acce...
ciglsteinfort.lu Improper Access Control vulnerability OBB-3845228
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-15711 · Unknown · C21 Live Encoder/Live Mosaic
Name of the Vulnerable Software and Affected Versions: C21 Live Encoder and Live Mosaic version 5.3 Description: The issue is related to inadequate access control, allowing a remote attacker to access the application as an administrator user due to lack of proper credential management. This can b...
PT-2023-8538 · Gitlab · Gitlab Ee Ultimate +2
Name of the Vulnerable Software and Affected Versions: GitLab EE Premium and Ultimate versions 16.4.3 through 16.6.1 Description: The issue is related to inadequate access control in GitLab, allowing subgroup members with the Developer role to potentially push or merge to protected branches in...
kslflooring.com Improper Access Control vulnerability OBB-3802852
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
expendedoraepis.com Improper Access Control vulnerability OBB-3798338
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-6947 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a component of Windows Authentication and is associated with inadequate access control. Exploitation of this issue may allow an attacker to elevate their privileges...
PT-2023-6588 · Sielco · Sielco Polyeco1000
Name of the Vulnerable Software and Affected Versions: Sielco PolyEco1000 affected versions not specified Description: The issue is related to inadequate access control in the Sielco PolyEco1000 digital fm-transmitter's software. An attacker can exploit this by modifying passwords in POST request...
PT-2023-6235 · D Link · D-Link Dir-820L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-820L version 1.05B03 Description: The issue is related to inadequate access control in the firmware of D-Link DIR-820L routers. Exploitation of this issue could allow a remote attacker to execute arbitrary code. Recommendations: Fo...
PT-2023-5979 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the file system of the Windows operating system and is associated with inadequate access control. It allows an attacker to elevate their privileges. There is no...
PT-2023-5565 · Huawei · Harmonyos +1
Name of the Vulnerable Software and Affected Versions: DDMP module affected versions not specified Description: The issue is related to a data security classification vulnerability in the DDMP module, which may affect confidentiality. Successful exploitation of this vulnerability could allow a...
The vulnerability of TeamPass’ password managers, related to inadequate access control, allows attackers to disclose sensitive information that should be protected.
The vulnerability of the TeamPass password manager is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
PT-2023-3191 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the Windows Authentication component in Windows operating systems and is associated with inadequate access control. It allows an attacker to elevate their privileges...
PT-2023-3798 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.7 Description: The issue is related to inadequate access control in the GLPI system, which can be exploited by a remote attacker to modify or view dashboard data. This is due to an incorrect rights check on a...
PT-2023-6748 · Dell · Dell Command | Monitor
Name of the Vulnerable Software and Affected Versions: Dell Command | Monitor versions prior to 10.9 Description: The issue is related to inadequate access control in the Dell Command | Monitor software, which can be exploited to delete arbitrary files. A locally authenticated malicious user may...
PT-2022-7049 · Microsoft · Azure Storsimple 8000 Series
Name of the Vulnerable Software and Affected Versions: Microsoft Azure StorSimple 8000 series affected versions not specified Description: The issue is related to inadequate access control in the Microsoft Azure StorSimple 8000 series, which can be exploited to elevate privileges. Recommendations...
PT-2022-23015 · Jellyfin · Jellyfin
Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.8 Description: The issue is related to incorrect access control for admin functionality at the "/users" endpoint. This lack of access control can be leveraged to perform a cross-site scripting attack...
PT-2022-4416 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite affected versions not specified Description: The issue is related to the sudo configuration in Zimbra, which allows the zimbra user to execute the zmslapd binary as root with arbitrary parameters. The zmslapd binary...