Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-28 | CVE-2019-13028 | Improper Access Control vulnerability in Minv Electronic Identification Cards Client An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. | 8.8 |
2019-06-28 | CVE-2018-14885 | Improper Access Control vulnerability in Odoo 10.0/11.0 Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. | 9.8 |
2019-06-28 | CVE-2018-14867 | Improper Access Control vulnerability in Odoo 10.0/9.0 Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters. | 5.3 |
2019-06-20 | CVE-2018-16553 | Improper Access Control vulnerability in Jspxcms 9.0.0 In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin. | 7.2 |
2019-06-19 | CVE-2019-2729 | Improper Access Control vulnerability in Oracle products Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | 9.8 |
2019-06-19 | CVE-2018-17148 | Improper Access Control vulnerability in Nagios XI An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | 9.8 |
2019-06-17 | CVE-2017-10721 | Improper Access Control vulnerability in Ishekar Endoscope Camera Firmware Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. | 6.5 |
2019-06-17 | CVE-2018-18958 | Improper Access Control vulnerability in Opnsense OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | 6.5 |
2019-06-07 | CVE-2018-10691 | Improper Access Control vulnerability in Moxa Awk-3121 Firmware 1.14 An issue was discovered on Moxa AWK-3121 1.14 devices. | 7.5 |
2019-06-07 | CVE-2018-5264 | Improper Access Control vulnerability in UI Unifi Firmware Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter. | 5.9 |