Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-26 | CVE-2018-15833 | Authorization Bypass Through User-Controlled Key vulnerability in Vanillaforums Vanilla Forums In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | 4.3 |
| 2018-07-13 | CVE-2018-1000210 | Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. | 7.8 |
| 2018-04-25 | CVE-2018-10211 | Authorization Bypass Through User-Controlled Key vulnerability in Vaultize Enterprise File Sharing 17.05.31 An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. | 5.3 |
| 2018-03-28 | CVE-2017-0936 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. | 5.7 |
| 2017-10-11 | CVE-2017-15211 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | 4.3 |
| 2017-10-11 | CVE-2017-15209 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. | 4.3 |
| 2017-10-11 | CVE-2017-15208 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. | 4.3 |
| 2017-10-11 | CVE-2017-15207 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | 4.3 |
| 2017-10-11 | CVE-2017-15206 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | 4.3 |
| 2017-10-11 | CVE-2017-15204 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. | 4.3 |