4 matches found
CVE-2025-23403
A vulnerability has been identified in SIMATIC IPC DiagBase All versions, SIMATIC IPC DiagMonitor All versions. The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to...
CVE-2014-7210
pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected...
Security Bulletin: User permission vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1326)
Summary IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. Vulnerability Details CVEID: CVE-2017-1326 DESCRIPTION: IBM Sterling File...
CVE-2016-9182
Exponent CMS 2.4 is vulnerable to a permission-bypass flaw in its controller dispatch: PHP reflection treats method names as case-insensitive and undefined actions may run by default. An attacker can use a capitalized method name (e.g., action=Preview) to bypass checks that would deny access with...