8 matches found
CVE-2024-9155
Mattermost versions 9.10.x = 9.10.1, 9.9.x = 9.9.2, 9.5.x = 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of...
Unspecified Vulnerability in ASRock RGB Driver
ASRock RGB Driver is a RGB three primary colors light mode light driver from ASRock Taiwan, China. A security vulnerability exists in the AsrDrv103.sys file in ASRock RGB Driver, which originates from the program's failure to properly restrict access from user space. No details of the vulnerabili...
CVE-2016-1220
Cybozu Garoon before 4.2.2 does not properly restrict access...
CVE-2016-4889
ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions...
CG-WLR300NX fails to restrict access permissions
Overview CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
ManageEngine Desktop Central Remote Security Bypass (Intrusive Check)
The version of ManageEngine Desktop Central running on the remote host is affected by a remote security bypass vulnerability, due to a failure to restrict access to 'DCPluginServelet'. This allows an unauthenticated, remote attacker to create an account with full administrative privileges within...
CVE-2004-0749
The modauthzsvn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via 1 svn log -v, 2 svn propget, or 3 svn blame, and other commands that follow renames...
CVE-2001-0535
The CVE-2001-0535 issue affects ColdFusion Server 4.x Exampleapps, where access checks do not correctly limit requests from outside the local host domain. This enables remote attackers to spoof the HTTP Host (CGI.Host) to the Web Publish and Email example scripts, allowing upload, read, or execut...