Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2019-06-05 CVE-2019-12742 Authorization Bypass Through User-Controlled Key vulnerability in Bludit
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin.
network
low complexity
bludit CWE-639
8.8
2019-05-21 CVE-2019-12252 Authorization Bypass Through User-Controlled Key vulnerability in Zohocorp Manageengine Servicedesk Plus
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring.
network
low complexity
zohocorp CWE-639
6.5
2019-05-15 CVE-2019-10108 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.
network
low complexity
gitlab CWE-639
5.4
2019-05-06 CVE-2018-18976 Authorization Bypass Through User-Controlled Key vulnerability in Ascensia Contour Diabetes
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15.
network
low complexity
ascensia CWE-639
5.3
2019-04-17 CVE-2019-9756 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.
network
low complexity
gitlab CWE-639
critical
9.8
2019-04-17 CVE-2019-9219 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.
network
high complexity
gitlab CWE-639
3.7
2019-04-17 CVE-2019-9170 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1.
network
low complexity
gitlab CWE-639
5.3
2019-03-29 CVE-2019-9921 Authorization Bypass Through User-Controlled Key vulnerability in Harmistechnology JE Messenger 1.2.2
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!.
network
low complexity
harmistechnology CWE-639
6.5
2019-03-22 CVE-2019-9938 Authorization Bypass Through User-Controlled Key vulnerability in Ushareit Shareit 4.0.34/4.0.38
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc.
high complexity
ushareit CWE-639
5.3
2019-03-21 CVE-2019-6716 Authorization Bypass Through User-Controlled Key vulnerability in Logonbox Nervepoint Access Manager 1.2/1.3/1.4
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.
network
low complexity
logonbox CWE-639
critical
9.4