
112 matches found

Cvelist
added 2023/07/25 6:8 a.m. · 33 views

CVE-2023-35078

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication...

CVSS 10 · AI score 9.7 · EPSS 0.94438
Exploits 14 · References 4

Prion
added 2023/06/09 7:15 a.m. · 12 views

Design/Logic Flaw

The Brizy Page Builder plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.4.18. This is due to an implicit trust of user-supplied IP addresses in an 'X-Forwarded-For' HTTP header for the purpose of validating allowed IP addresses against a Maintenance Mo...

CVSS 5 · AI score 5.1 · EPSS 0.0007
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/02/17 9:30 p.m. · 16 views

GHSA-32JC-9P58-P82X Moodle Improper Access Control vulnerability

The vulnerability was found in Moodle and exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality...

CVSS 8.2 · AI score 8 · EPSS 0.00319
Exploits 0 · References 5

CNVD
added 2022/03/23 12:0 a.m. · 19 views

Moodle Access Control Error Vulnerability (CNVD-2022-54955)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. An access control error vulnerability exists in Moodle, which stems from improper access restrictions. A remote attacker could use the...

CVSS 4.3 · AI score 3.8 · EPSS 0.00185
Exploits 0 · References 1

CNNVD
added 2022/02/04 12:0 a.m. · 2 views

GitLab Enterprise Edition Access Control Error Vulnerability

GitLab Enterprise Edition is a content management system. An Access Control Error vulnerability exists in GitLab Enterprise Edition and GitLab Community Edition that stems from improperly restricted access. When a remote authenticated attacker is linked to an item in the vulnerability indicator...

CVSS 4.3 · AI score 5.2 · EPSS 0.00263
Exploits 1 · References 6

CVE
added 2021/09/15 6:1 p.m. · 45 views

CVE-2021-33704

Summary: CVE-2021-33704 affects SAP Business One 10.0 Service Layer. An authenticated attacker can invoke functions that should be restricted, enabling reading, modification, or deletion of restricted data. The vulnerability arises from missing authorization checks and can be exploited over the n...

CVSS 8.8 · AI score 8.5 · EPSS 0.00222
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2021/05/24 12:0 a.m. · 2 views

Apple macOS Big Sur Access Control Error Vulnerability

Apple macOS Big Sur is a mobile application app from Apple USA. An access control error vulnerability exists in macOS Big Sur, which stems from a feature that allows local users to gain unauthorized access to otherwise restricted functionality. Affected Versions: macOS: 11.0 20A2411, 11.0.1 20B29,...

CVSS 4.3 · AI score 5.9 · EPSS 0.00231
Exploits 0 · References 5

NVD
added 2020/12/07 1:15 p.m. · 5 views

CVE-2020-5799

The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data...

CVSS 9.8 · AI score 8.8 · EPSS 0.00433
Exploits 1 · References 1

Prion
added 2020/12/07 1:15 p.m. · 9 views

Design/Logic Flaw

The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data...

CVSS 7.5 · AI score 8.5 · EPSS 0.00433
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2020/11/08 12:0 a.m. · 4 views

PT-2023-3316 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue is related to insufficient limitations on the start page preference in Moodle, allowing a remote attacker to set this preference for another user. This enables the attacker to gain...

CVSS 9.8 · AI score 6.1 · EPSS 0.83646
Exploits 8 · References 77

Cvelist
added 2020/07/24 12:58 a.m. · 10 views

CVE-2020-15921

Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution...

AI score 9.7 · EPSS 0.18416
Exploits 3 · References 2

CVE
added 2019/04/22 3:35 p.m. · 52 views

CVE-2016-1579

The CVE describes a vulnerability in UDM where post-download commands are not restricted to confined apps, allowing any confined application to invoke UDM’s C++ API to run arbitrary commands as the phablet user in an unconfined environment. Affected component: UDM’s post-processing command execut...

CVSS 9.8 · AI score 8.2 · EPSS 0.00196
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2018/11/19 12:0 a.m. · 1 views

Inova Partner Authorization Bypass Vulnerability (CNVD-2019-08310)

Inova Partner is a CRM solution for biotech, pharmaceutical and other life science companies. An authorization bypass vulnerability exists in 5.0.5-RELEASE, Build 0510-0906 and earlier versions of Inova Partner, which can be exploited by an attacker to access restricted functionality...

CVSS 6.4 · AI score 6.8 · EPSS 0.00185
Exploits 0 · References 1

Tenable Nessus
added 2018/04/06 12:0 a.m. · 29 views

Amazon Linux AMI : nvidia (ALAS-2018-991)

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. CVE-2018-6247 NVIDIA Windows GPU Display Driver contains a vulnerability ...

CVSS 8.8 · AI score 7.2 · EPSS 0.00049
Exploits 0 · References 8

Cvelist
added 2018/04/02 4:0 p.m. · 15 views

CVE-2018-6252

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service...

AI score 6.6 · EPSS 0.00045
Exploits 0 · References 1

Prion
added 2018/01/19 10:29 p.m. · 12 views

Authorization

An exploitable improper authorization vulnerability exists in minerstart API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...

CVSS 6.8 · AI score 7.9 · EPSS 0.00613
Exploits 2 · References 2

Cvelist
added 2018/01/19 10:0 p.m. · 13 views

CVE-2017-12117

An exploitable improper authorization vulnerability exists in minerstart API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this...

CVSS 4 · AI score 8 · EPSS 0.00613
Exploits 2 · References 2

Positive Technologies
added 2018/01/19 12:0 a.m. · 3 views

PT-2018-5356 · Ethereum · Cpp-Ethereum

Name of the Vulnerable Software and Affected Versions: cpp-ethereum versions affected versions not specified Description: An issue exists in the miner setEtherbase API endpoint of cpp-ethereum's JSON-RPC, allowing for improper authorization. A JSON request can bypass authorization, resulting in...

CVSS 8.1 · AI score 6.8 · EPSS 0.00558
Exploits 2 · References 3

CNVD
added 2015/09/22 12:0 a.m. · 3 views

Vulnerability in Cisco Prime Collaboration Assurance

Cisco Prime Collaboration Assurance is a set of enterprise collaboration network management solutions from the U.S. company Cisco. A security vulnerability exists in the Web framework of Cisco Prime Collaboration Assurance. A remote attacker could exploit the vulnerability by sending a...

CVSS 9 · AI score 6.8 · EPSS 0.00364
Exploits 0 · References 1

FreeBSD
added 2012/09/12 12:0 a.m. · 20 views

bacula -- Console ACL Bypass

A security issue has been reported in Bacula, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to an error within the implementation of console ACLs, which can be exploited to gain access to certain restricted functionality and e....

CVSS 4 · AI score 6.5 · EPSS 0.00607
Exploits 0 · References 3