80 matches found

Vulnrichment
added 2023/02/01 12:00 a.m. | 8 views

CVE-2022-4062

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...

CVSS 7.8 | AI score 7.5 | EPSS 0.00054
Exploits: 0 | References: 1

CVE
added 2023/02/01 12:00 a.m. | 34 views

CVE-2022-4062

The CVE-2022-4062 issue affects Schneider Electric EcoStruxure Power Commission prior to V2.25. It is a CWE-285 improper authorization vulnerability that could allow unauthorized access to certain software functions when an attacker gains access to the localhost interface. Impact is described as ...

CVSS 7.8 | AI score 7.4 | EPSS 0.00054
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/09/23 9:37 p.m. | 18 views

GHSA-GMHJ-XJFH-CF6M Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library

Not invoking a call to pam_acct_mgmt after a call to pam_authenticate to check the validity of a login can lead to an authorization bypass. Impact / Exploitability: The attack can be carried over the network. A complex non-standard configuration or a specialized condition is required for the attack to ...

CVSS 7.7 | AI score 7.3
Exploits: 0 | References: 3

Github Security Blog
added 2022/09/23 9:37 p.m. | 18 views

Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library

Not invoking a call to pam_acct_mgmt after a call to pam_authenticate to check the validity of a login can lead to an authorization bypass. Impact / Exploitability: The attack can be carried over the network. A complex non-standard configuration or a specialized condition is required for the attack to ...

AI score 1.3
Exploits: 0 | References: 3 | Affected Software: 1

Japan Vulnerability Notes
added 2022/07/04 12:00 a.m. | 66 views

JVN#14077132: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-2909: Operation restriction bypass in multiple applications (CWE-285 - CVE-2022-30602). CVSS v3: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, Base Score: 5.4. CVSS v2: ...

CVSS 8.1 | AI score 6 | EPSS 0.00396
Exploits: 0

Japan Vulnerability Notes
added 2022/05/16 12:00 a.m. | 59 views

JVN#73897863: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1584, CyVDB-2670: Operation restriction bypass vulnerability in Bulletin (CWE-285 - CVE-2022-28718). CVSS v3: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, Base Score: 4.3. CVS...

CVSS 8.1 | AI score 6 | EPSS 0.00396
Exploits: 0

Prion
added 2021/12/09 10:15 a.m. | 22 views

Authorization

An improper authorization vulnerability (CWE-285) in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id parameter...

CVSS 5 | AI score 5.4 | EPSS 0.0013
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/12/09 9:33 a.m. | 40 views

CVE-2021-36167

CVE-2021-36167 describes an improper authorization vulnerability (CWE-285) in FortiClient for Windows that could allow an unauthenticated attacker to bypass the web filter by modifying the session-id parameter. Affected products/versions include FortiClient Windows 7.0.0, 6.4.6 and earlier, and 6...

CVSS 5.3 | AI score 5.3 | EPSS 0.0013
Exploits: 0 | References: 1 | Affected Software: 1

Fortinet
added 2021/11/02 12:00 a.m. | 24 views

FortiClient (Windows) - Privilege escalation vulnerability

An improper authorization vulnerability CWE-285 in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates...

CVSS 7.2 | AI score 7.2 | EPSS 0.00136
Exploits: 0 | Affected Software: 1

ICS
added 2020/11/17 12:00 a.m. | 35 views

Johnson Controls Sensormatic Electronics American Dynamics victor Web Client

1. EXECUTIVE SUMMARY: CVSS v3 7.1; ATTENTION: Exploitable remotely; Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls; Equipment: American Dynamics victor Web Client, Software House C•CURE Web Client; Vulnerability: Improper Authorization. 2. RISK EVALUATION: Successful exploitation...

CVSS 7.1 | AI score 6.5 | EPSS 0.00061
Exploits: 0 | References: 5

Packet Storm
added 2020/10/02 12:00 a.m. | 303 views

MailDepot 2032 SP2 (2.2.1242) Authorization Bypass

Advisory ID: SYSS-2019-048; Product: MailDepot; Manufacturer: REDDOXX GmbH; Affected Versions: 2032 SP2 2.2.1242; Tested Versions: 2032 SP2 2.2.1242; Vulnerability Type: Improper Authorization (CWE-285); Risk Level: High; Solution Status: Fixed; Manufacturer...

AI score 0.1 | EPSS 0.02097
Exploits: 2

CVE
added 2020/09/16 3:40 p.m. | 35 views

CVE-2020-7530

CVE-2020-7530 affects SCADAPack 7x Remote Connect ≤ 3.6.3.574, with a CWE-285 improper authorization flaw that enables access to executable code folders. Root cause: insufficient/authentication weakness in the authorization mechanism. Consequence: potential unauthorized access to folders containi...

CVSS 8.8 | AI score 8.6 | EPSS 0.00345
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/09/16 3:40 p.m. | 11 views

CVE-2020-7530

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...

AI score 8.8 | EPSS 0.00345
Exploits: 0 | References: 1

OpenVAS
added 2020/01/23 12:00 a.m. | 20 views

Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2018-1142)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.1 | AI score 8.5 | EPSS 0.006
Exploits: 0 | References: 2

OpenVAS
added 2020/01/23 12:00 a.m. | 24 views

Huawei EulerOS: Security Advisory for mercurial (EulerOS-SA-2018-1112)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.1 | AI score 8.5 | EPSS 0.006
Exploits: 0 | References: 2

0day.today
added 2019/07/14 12:00 a.m. | 96 views

Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

Microsoft Windows Task Scheduler suffers from a local privilege escalation vulnerability. The Windows MMC auto-elevates members of the 'administrators' group via the GUI, and MMC snap-ins via mmc.exe automatically elevate without prompting UAC, potentially leading to unintentional elevation of...

AI score 0.4
Exploits: 0

ICS
added 2019/06/13 12:00 a.m. | 235 views

Johnson Controls exacqVision Enterprise System Manager

1. EXECUTIVE SUMMARY: CVSS v3 6.7; Vendor: Johnson Controls; Equipment: exacqVision Enterprise System Manager (ESM); Vulnerability: Improper Authorization. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow malicious code execution. 3. TECHNICAL DETAILS: 3.1 AFFECTED PRODUCTS...

CVSS 7 | AI score 6.9 | EPSS 0.0017
Exploits: 1 | References: 5

Packet Storm
added 2019/05/21 12:00 a.m. | 811 views

Slims CMS Akasia 8.3.1 SQL Injection

Exploit Title: Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability; Author (Discovered By): KingSkrupellos; Team: Cyberizm Digital Security Army; Date: 20/05/2019; Vendor Homepage: slimsetd.id - slims.web.id; Software Download Link: slims.web.id/goslims/?wpdmpro=slims-8-3-1-akasia; Software...

AI score 0.5
Exploits: 0

Talos
added 2019/05/06 12:00 a.m. | 113 views

Jenkins Ansible Tower Plugin information disclosure vulnerability

Summary: An exploitable information disclosure vulnerability exists in the testTowerConnection function of the Jenkins Ansible Tower Plugin 0.9.1. A specially crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cause affected versions of thi...

CVSS 8.8 | AI score 8.4 | EPSS 0.0014
Exploits: 0

0day.today
added 2018/11/14 12:00 a.m. | 67 views

Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities

Exploit for linux platform in category web applications. KL-001-2018-009: Dell OpenManage Network Manager Multiple Vulnerabilities. Title: Dell OpenManage Network Manager Multiple Vulnerabilities; Advisory ID: KL-001-2018-009; Publication Date: 2018.11.05; Publication URL:...

AI score 7.7 | EPSS 0.36653
Exploits: 7