
18 matches found

RedhatCVE
added 2025/05/23 12:19 a.m. | 5 views

CVE-2022-45760

SENS v1.0 is vulnerable to Incorrect Access Control vulnerability...

CVSS 8.8 | AI score 6.9 | EPSS 0.00569
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/07 2:29 a.m. | 8 views

CVE-2025-27649

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016...

CVSS 9.8 | AI score 7.2 | EPSS 0.00832
Exploits: 1 | References: 1

Prion
added 2024/02/14 11:15 p.m. | 10 views

Improper access control

4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged...

AI score 7.1 | EPSS 0.00767
Exploits: 1 | References: 1

Vulnrichment
added 2023/11/30 12:0 a.m. | 10 views

CVE-2023-46387

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Incorrect Access Control via dpalconfig.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration...

AI score 6.6 | EPSS 0.01973
Exploits: 2 | References: 4

Prion
added 2022/01/18 3:15 p.m. | 14 views

Improper access control

SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication...

CVSS 5 | AI score 7.6 | EPSS 0.01678
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2022/01/03 2:15 p.m. | 12 views

Improper access control

TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...

CVSS 7.5 | AI score 9.5 | EPSS 0.56931
Exploits: 5 | References: 2

CVE
added 2022/01/03 1:25 p.m. | 251 views

CVE-2021-45428

Summary: CVE-2021-45428 affects Telesquare TLR-2005KSH 1.0.0. An incorrect access control vulnerability leaves the PUT/WebDAV path enabled, allowing an attacker to upload arbitrary files (e.g., HTML/CGI). This can lead to remote code execution as described in public exploit notes. The NVD metrics...

CVSS 9.8 | AI score 9.4 | EPSS 0.56931
Exploits: 5 | References: 2 | Affected Software: 1

Cvelist
added 2020/09/22 5:54 p.m. | 12 views

CVE-2020-25514

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http:///lms/admin.php...

AI score 8.4 | EPSS 0.00629
Exploits: 0 | References: 3

OpenVAS
added 2020/01/23 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2019-1404)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 8.9 | EPSS 0.04407
Exploits: 0 | References: 2

Cvelist
added 2019/11/07 3:13 p.m. | 17 views

CVE-2019-16877

Portainer before 1.22.1 has Incorrect Access Control issue 4 of 4...

AI score 9.2 | EPSS 0.01036
Exploits: 0 | References: 1

Tenable Nessus
added 2019/05/14 12:0 a.m. | 23 views

EulerOS Virtualization for ARM 64 3.0.1.0 : python-paramiko (EulerOS-SA-2019-1404)

According to the versions of the python-paramiko package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and...

CVSS 8.8 | AI score 8.1 | EPSS 0.04407
Exploits: 0 | References: 2

NVD
added 2019/02/04 9:29 p.m. | 17 views

CVE-2019-1000011

API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability...

CVSS 6.5 | AI score 6.5 | EPSS 0.01024
Exploits: 0 | References: 2

Prion
added 2019/02/04 9:29 p.m. | 14 views

Improper access control

Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...

CVSS 5.5 | AI score 6.6 | EPSS 0.01107
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/10/08 3:29 p.m. | 23 views

CVE-2018-1000805

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity...

CVSS 8.8 | AI score 8.6 | EPSS 0.04407
Exploits: 0 | References: 11

Prion
added 2018/07/13 6:29 p.m. | 19 views

Improper access control

MODX Revolution version =2.6.4 contains an Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with a custom filename and content. This attack appears to be exploitable via Web request. This vulnerability appea...

CVSS 6.5 | AI score 6.9 | EPSS 0.64088
Exploits: 6 | References: 4 | Affected Software: 1

Prion
added 2018/06/26 4:29 p.m. | 21 views

Improper access control

WP ULike version 2.8.1, 3.1 contains an Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appears to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2...

CVSS 5.5 | AI score 7.5 | EPSS 0.00836
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2018/04/18 7:29 p.m. | 11 views

Improper access control

LightSAML version prior to 1.3.5 contains an Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later...

CVSS 5 | AI score 7.5 | EPSS 0.01268
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/01/01 8:0 p.m. | 14 views

CVE-2018-3813

getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVIUSERID and AVIUSERPASSWORD fields via a direct request...

AI score 9.6 | EPSS 0.01186
Exploits: 1 | References: 1