18 matches found
CVE-2022-45760
SENS v1.0 is vulnerable to Incorrect Access Control vulnerability...
CVE-2025-27649
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016...
Improper access control
4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials, regardless of how many times a user logs in, the content of the cookie remains unchanged...
CVE-2023-46387
LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Incorrect Access Control via dpalconfig.zml file. This vulnerability allows remote attackers to disclose sensitive information on Loytec device data point configuration...
Improper access control
SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication...
Improper access control
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats...
CVE-2021-45428
Summary: CVE-2021-45428 affects Telesquare TLR-2005KSH 1.0.0. An incorrect access control vulnerability leaves the PUT/WebDAV path enabled, allowing an attacker to upload arbitrary files (e.g., HTML/CGI). This can lead to remote code execution as described in public exploit notes. The NVD metrics...
CVE-2020-25514
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http:///lms/admin.php...
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2019-1404)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-16877
Portainer before 1.22.1 has Incorrect Access Control issue 4 of 4...
EulerOS Virtualization for ARM 64 3.0.1.0 : python-paramiko (EulerOS-SA-2019-1404)
According to the versions of the python-paramiko package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and...
CVE-2019-1000011
API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via the user must be authorized. This vulnerability...
Improper access control
Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any"...
CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity...
Improper access control
MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...
Improper access control
WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2...
Improper access control
LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later...
CVE-2018-3813
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVIUSERID and AVIUSERPASSWORD fields via a direct request...