Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-07 | CVE-2018-16704 | Authorization Bypass Through User-Controlled Key vulnerability in Gleeztech Gleezcms 1.3.0. An issue was discovered in Gleez CMS v1.2.0. | 4.3 |
2018-09-06 | CVE-2018-16606 | Authorization Bypass Through User-Controlled Key vulnerability in Proconf. In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). | 6.5 |
2018-08-26 | CVE-2018-15833 | Authorization Bypass Through User-Controlled Key vulnerability in Vanillaforums Vanilla Forums. In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote for multiple items). | 4.3 |
2018-07-13 | CVE-2018-1000210 | Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet. YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of `Deserializer.Deserialize()` will deserialize user-controlled types in the line `currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);` and blindly instantiate them. | 7.8 |
2018-04-25 | CVE-2018-10211 | Authorization Bypass Through User-Controlled Key vulnerability in Vaultize Enterprise File Sharing 17.05.31. An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. | 5.3 |
2018-03-28 | CVE-2017-0936 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server. Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. | 5.7 |
2017-10-11 | CVE-2017-15211 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard. In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | 4.3 |
2017-10-11 | CVE-2017-15209 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard. In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. | 4.3 |
2017-10-11 | CVE-2017-15208 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard. In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. | 4.3 |
2017-10-11 | CVE-2017-15207 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard. In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | 4.3 |