39 matches found
CVE-2016-0918
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL...
CVE-2014-3546
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a...
CVE-2014-0858
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL...
CVE-2014-1643
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL...
Code injection
The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL...
CVE-2013-5454
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL...
Code injection
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL...
Design/Logic Flaw
McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL...
CVE-2012-2054
Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, o...
CVE-2008-7310
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability...
Authentication flaw
The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified urlaccount parameter, in conjunction with a valid login name in the SSPIHEADER parameter, to index.php...
Code injection
The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL...
CVE-2008-4047
CVE-2008-4047 affects Novell Forum (SiteScape Forum) versions 7.0–8.0. It enables remote attackers to execute arbitrary TCL code by supplying a modified URL, as described in the CVE entry (note possible overlap with CVE-2007-6515). The provided documents confirm the existence of a TCL injection v...
Design/Logic Flaw
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPa...
CVE-2007-4143
user.php in the Billing Control Panel in phpCoupon allows remote authenticated users to obtain Premium Member status, and possibly acquire free coupons, via a modified URL containing a certain billing parameter and REQ=auth, status=success, and custom=upgrade substrings, possibly related to PayPa...
Code injection
The Project issue tracking module before 4.7.x-1.3, 4.7.x-2. before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier...
CVE-2006-5414
Barry Nauta BRIM before 1.2.1 allows remote authenticated users to read information from other users via a modified URL...
CVE-2005-4206
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to...