10 matches found
CVE-2024-58337
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities...
CVE-2024-58337 Akuvox Smart Intercom S539 Improper Access Control via ServicesHTTPAPI
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities...
CVE-2025-48414
There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack surface...
CVE-2023-33443
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints...
CVE-2024-3656 Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...
CVE-2024-3656 Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...
Improper Privilege Management
org.keycloak: keycloak-services is vulnerable to Improper Privilege Management. The vulnerability is due to users with low privileges being able to utilize administrative functionalities within the Keycloak admin interface...
CVE-2023-33443
Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to the desired endpoints...
[Full-disclosure] Magnolia CMS multiple access control vulnerabilities
Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...
Magnolia CMS 4.5.8 Access Bypass
Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ======= CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...