Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-06 | CVE-2018-18976 | Authorization Bypass Through User-Controlled Key vulnerability in Ascensia Contour Diabetes: An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. | 5.3 |
2019-04-17 | CVE-2019-9756 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab: An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 9.8 |
2019-04-17 | CVE-2019-9219 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab: An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 3.7 |
2019-04-17 | CVE-2019-9170 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab: An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. | 5.3 |
2019-03-29 | CVE-2019-9921 | Authorization Bypass Through User-Controlled Key vulnerability in Harmistechnology JE Messenger 1.2.2: An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. | 6.5 |
2019-03-22 | CVE-2019-9938 | Authorization Bypass Through User-Controlled Key vulnerability in Ushareit Shareit 4.0.34/4.0.38: The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. | 5.3 |
2019-03-21 | CVE-2019-6716 | Authorization Bypass Through User-Controlled Key vulnerability in Logonbox Nervepoint Access Manager 1.2/1.3/1.4: An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request. | 9.4 |
2018-12-23 | CVE-2018-20405 | Authorization Bypass Through User-Controlled Key vulnerability in Bigtreecms Bigtree 4.3: BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. | 2.7 |
2018-09-12 | CVE-2018-16971 | Authorization Bypass Through User-Controlled Key vulnerability in Wisetail Learning Management System: Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. | 4.3 |
2018-09-10 | CVE-2018-16608 | Authorization Bypass Through User-Controlled Key vulnerability in Monstra 3.0.4: In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR). | 8.8 |