4 matches found
GHSA-9RJ9-5WCV-XGF2 Roundup Improper Access Control
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...
TeamPass items.series.php Access Control Vulnerability
TeamPass is a dedicated password manager for Apache, MySQL and PHP. An access control vulnerability exists in versions prior to TeamPass 2.1.27.9 that stems from the program failing to properly enforce item access control. An attacker can exploit the vulnerability by tampering with requests to...
Cisco UCS Director Privilege Escalation Vulnerability
A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director...
CVE-2009-2737
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...