17 matches found
CVE-2026-30368
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...
CVE-2026-30368
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...
CVE-2026-30368
A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...
CVE-2025-51682
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...
EUVD-2025-200093
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...
CVE-2025-51682
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...
CVE-2025-51682
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...
CVE-2025-51682
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...
CVE-2025-51682
mJobtime v15.7.2 is affected by two issues. CVE-2025-51682 describes client‑side authorization handling that can be bypassed to gain access to administrative features by modifying client code and crafting requests that call admin functions. CVE-2025-51683 describes a blind SQL injection via a cra...
CVE-2025-51682
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...
EUVD-2010-3279
Malware in sbrugna...
ZyXEL ZyWALL USG client side authorization config disclosure
Details ======= Product: ZyXEL USG Unified Security Gateway appliances ZyWALL USG-20 ZyWALL USG-20W ZyWALL USG-50 ZyWALL USG-100 ZyWALL USG-200 ZyWALL USG-300 ZyWALL USG-1000 ZyWALL USG-1050 ZyWALL USG-2000 Possibly other ZLD-based products Affected Versions: Firmware Releases before April 25, 20...
[RT-SA-2011-004] Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface
Advisory: Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface The ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited acce...
ZyXEL ZyWALL USG unauthorized access
Unauthenticated configuration access is possible, authorization is performed on client side...
ZyWALL USG Appliance Access Bypass
Advisory: Client Side Authorization ZyXEL ZyWALL USG Appliances Web Interface The ZyXEL ZyWALL USG appliances perform parts of the authorization for their management web interface on the client side using JavaScript. By setting the JavaScript variable "isAdmin" to "true", a user with limited acce...
Authorization
The CCAgent option 9.0.8.4 and earlier in the management server aka TSA component in Alcatel-Lucent OmniTouch Contact Center Standard Edition relies on client-side authorization checking, and unconditionally sends the SuperUser password to the client for use during an authorized session, which...
WebEOC privileges are based on client-side authorization
Overview WebEOC ties privileges and roles to client-side resources. If an attacker can access a resource directly, that attacker will be granted all the privileges associated with that resource. Description WebEOC is a web-based crisis information management application that provides functions to...