132 matches found
CVE-2018-9853
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server...
CVE-2018-9853
CVE-2018-9853 affects freeSSHd version 1.3.1. The root cause is insecure access control that lets an attacker log in to an unprivileged account and escalate to the privileges of the freesshd.exe process. This yields a high to critical impact in practice, as indicated by the CVSS metrics (high con...
bezak.umms.med.umich.edu Improper Access Control vulnerability
Open Bug Bounty ID: OBB-632920 Description| Value ---|--- Affected Website:| bezak.umms.med.umich.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
sites.lsa.umich.edu Improper Access Control vulnerability
Open Bug Bounty ID: OBB-628086 Description| Value ---|--- Affected Website:| sites.lsa.umich.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Wordpress Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
Multiple Remote Vulnerabilities in Apache HBase
Apache HBase is a database for online services with native support for Hadoop, making it an obvious choice for applications that base their data processing on the scalability and flexibility of Hadoop. HBase versions 0.98.0 - 0.98.12, 1.0.0 - 1.0.1, and 1.1.0 have logic errors that can be handled...
McAfee Email Gateway systemWebAdminConfig.do不安全访问控制漏洞
BUGTRAQ ID: 40255 McAfee Email Gateway之前名为IronMail,是企业级的硬件邮件网关和管理平台。 McAfee Email Gateway的systemWebAdminConfig.do配置文件没有执行正确的权限检查,拥有只读权限的Web Access用户可以通过在服务器响应的Form字段中添加HTML代码或发送特制POST请求执行写权限操作。 0 McAfee Email Gateway 6.7.1 厂商补丁: McAfee ------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...
PT-2006-2389 · Trend Micro · Trend Micro Interscan Messaging Security Suite
Name of the Vulnerable Software and Affected Versions: Trend Micro InterScan Messaging Security Suite versions prior to 5.7.0.1121 Description: The issue concerns the ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite, which uses insecure DACLs for critical files. This allows...
CVE-2003-1213
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb...
CVE-2003-1133
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages...
CVE-2002-2324
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list ACL permissions, which allows local users to access restricted files and modify registry settings...
Midicart ASP - Remote Customer Information Retrieval
Midicart ASP - Remote Customer Information Retrieval source: https://www.securityfocus.com/bid/5438/info Midicart ASP is a commercially available e-commerce solution distributed by Coxco Support. It is available for the Microsoft Windows operating system. The default installation of Midicart ASP...
CVE-2002-0066
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges...