42 matches found
CVE-2014-0908
The User Attribute implementation in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information,...
CVE-2005-0409
CVE-2005-0409 affects CitrusDB 0.3.6 and earlier. The vulnerability arises because importcc.php and uploadcc.php do not perform proper authorization checks, allowing remote attackers to upload credit card data and learn the pathnames of temporary files storing that data, which can facilitate acce...