977 matches found
Design/Logic Flaw
The RBAC implementation in Cisco Secure Access Control System ACS does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug...
CVE-2013-6695
The RBAC implementation in Cisco Secure Access Control System ACS does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug...
Design/Logic Flaw
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors...
CVE-2013-3005
CVE-2013-3005 affects the IBM AIX 6.1 and 7.1 TFTP client (and VIOS 2.2.2.2-FP-26 SP-02) where, with RBAC enabled, remote authenticated users can bypass file ownership restrictions and read or overwrite arbitrary files via tftp. Connected advisories document this as a client-side TFTP RBAC bypass...
CVE-2013-0411
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration...
Default configuration
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration...
CVE-2013-0411
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration...
CVE-2013-0411
CVE-2013-0411 concerns an unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 related to the RBAC Configuration. The connected records indicate the subcomponent involved is RBAC Configuration and describe impact to confidentiality, integrity, and availability via local access. Affected v...
Solaris 10 (x86) : 148028-03 (deprecated)
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: RBAC Configuration. Supported versions that are affected are 8, 9 and 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components...
Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Cisco Secure Access Control System ACS contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication services offered by the affected application. The vulnerability is due to improper validation of user-supplied input processed by the affecte...
Design/Logic Flaw
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file...
CVE-2012-4845
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file...
Solaris 9 (sparc) : 115336-06
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: RBAC Configuration. Supported versions that are affected are 8, 9 and 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components...
Solaris 9 (x86) : 115337-05
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: RBAC Configuration. Supported versions that are affected are 8, 9 and 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components...
HP-UX Update for Role-Based Access Control (RBAC) HPSBUX02457
Check for the Version of Role-Based Access Control RBAC OpenVAS Vulnerability Test HP-UX Update for Role-Based Access Control RBAC HPSBUX02457 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
HP-UX PHCO_40131 : HP-UX Running Role-Based Access Control (RBAC), Local Unauthorized Access (HPSBUX02457 SSRT090174 rev.1)
s700800 11.31 rbac cumulative patch : A potential security vulnerability has been identified with HP-UX running Role-Based Access Control RBAC. The vulnerability could be exploited locally to gain unauthorized access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
CVE-2009-2682
Unspecified vulnerability in Role-Based Access Control RBAC in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors...
Code injection
Multiple unspecified vulnerabilities in the 1 iscsiadm and 2 iscsitadm programs in Sun Solaris 10, and OpenSolaris snv28 through snv109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library...
CVE-2009-3390
Multiple unspecified vulnerabilities in the 1 iscsiadm and 2 iscsitadm programs in Sun Solaris 10, and OpenSolaris snv28 through snv109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library...
CVE-2009-2682
CVE-2009-2682 describes an unspecified local vulnerability in HP-UX RBAC that could let a local user bypass access restrictions on HP-UX B.11.23 and B.11.31. Related OpenVAS/NVD entries confirm HP-UX RBAC components (RBAC-CONF, RBAC-RUN, RBAC-WEB) as affected, with the HP Security Bulletin HPSBUX...