59 matches found
CVE-2025-31965
CVE-2025-31965 concerns HCL BigFix Remote Control Server WebUI, affected on version 10.1.0.0248 and earlier. The root issue is improper access restrictions that allow non-admin users to view unauthorized information on certain pages (authorization bypass). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R...
ROS-20250402-04
Vulnerability of the GLPI system of requests, incidents and inventory of computer equipment is related to improperly restricting access to the "install/update.php" file. Exploitation of the vulnerability could allow An attacker acting remotely could gain access to confidential information A...
ROS-20241114-02
The vulnerability of the micrel component of the Linux operating system kernel is related to the NULL pointer dereferencing in lan8814txtstamp, lan8814getsigrx, lan8814matchrxts, lan8814ptpciadjfine functions, lan8814getsigtx, lan8814dequeuetxskb, and lan8814matchskb in drivers/net/phy/micrel.c...
Local File Inclusion (LFI)
vite is vulnerable to arbitrary file exposure. The vulnerability is due to improper enforcement of file access restrictions in the @fs mechanism, allowing attackers to bypass the allow list by adding ?import to the URL and retrieving the contents of arbitrary files...
IBM Robotic Process Automation Access Control Error Vulnerability
IBM Robotic Process Automation is a robotic process automation product from IBM USA. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. An Access Control Error vulnerability exists in IBM Robotic Process Automation version 21.0.0, 21.0.1, and...
Apache Superset Access Control Error Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an Access Control Error vulnerability that stems from improper access restrictions. A remote attacker could exploit the vulnerability to bypass implemented security...
Moodle Access Control Error Vulnerability (CNVD-2022-54955)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. an access control error vulnerability exists in Moodle, which stems from improper access restrictions. A remote attacker could use the...
Fortinet fortimanager access control error vulnerability (CNVD-2022-18532)
Fortinet FortiGate is a network security platform from Fortinet, Inc. The platform provides firewall, anti-virus and intrusion prevention IPS, application control, anti-spam, wireless controller, and WAN acceleration.Fortinet fortimanager has an access control error vulnerability that is caused b...
F5 BIG-IQ Access Control Error Vulnerability (CNVD-2022-26842)
F5 BIG-IQ is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery and web services across public and private clouds, traditional data centers, and hybrid environments.An access control error vulnerability exists in the F5 BIG-IQ...
Magento Commerce 和 Magento Open Source 访问控制错误漏洞
Magento Open Source is to provide basic e-commerce functionality that allows you to build unique online stores from scratch.Magento Commerce is to provide a best-in-class shopping experience without the need for developer support.Magento Open Source is to provide basic e-commerce functionality th...
Nextcloud Access Control Error Vulnerability (CNVD-2021-102889)
An access control error vulnerability exists in Nextcloud End-to-End Encryption, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from improper access restrictions. The vulnerability allows remote attackers to gain...
Zoho ManageEngine ServiceDesk Plus 10.5 - Improper Access Restrictions
Zoho ManageEngine ServiceDesk Plus 10.5 - Improper Access Restrictions Exploit Title: Zoho ManageEngine ServiceDesk Plus 10.5 Incorrect Access Control Date: 2019-05-21 Exploit Author: Enter of VinCSS Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...
Ektron CMS 9.20 SP2 - Improper Access Restrictions
Ektron CMS 9.20 SP2 - Improper Access Restrictions Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...
Ektron CMS 9.20 SP2 Improper Access Restrictions
Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...
Ektron CMS 9.20 SP2 - Improper Access Restrictions Vulnerability
Exploit for asp platform in category web applications Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...
Citrix StorageZones Controller Improper Access Restrictions / Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Citrix StorageZones Controller vulnerable version: all versions before 5.4.2 fixed version: 5.4.2 CVE number: CVE-2018-16968,...
Apache Struts 2.x < 2.3.18 Multiple Critical Vulnerabilities (S2-008)
The version of Apache Struts running on the remote host is 2.x prior to 2.3.18. It, therefore, is affected by multiple critical vulnerabilities: - A remote code execution vulnerability exists in ExceptionDelegator due to improper validation of user-supplied input. An unauthenticated, remote...
ZTE ZXDSL 831CII - Improper Access Restrictions Vulnerability
Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================...
ZTE ZXDSL 831CII - Improper Access Restrictions
ZTE ZXDSL 831CII - Improper Access Restrictions Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Date: 27/11/2017 Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953...
ZTE ZXDSL 831CII - Improper Access Restrictions
Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Date: 27/11/2017 Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================= The Router usually servers html files &...