Vulnerabilities > Improper Access Control

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-06-28 | CVE-2019-13028 | Improper Access Control vulnerability in Minv Electronic Identification Cards Client | An incorrect implementation of a local web server in eID client (Windows version before 3.1.2, Linux version before 3.0.3) allows remote attackers to execute arbitrary code (.cgi, .pl, or .php) or delete arbitrary files via a crafted HTML page. | network | low complexity | minv | CWE-284 | 8.8 |
| 2019-06-28 | CVE-2018-14885 | Improper Access Control vulnerability in Odoo 10.0/11.0 | Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. | network | low complexity | odoo | CWE-284 | critical 9.8 |
| 2019-06-28 | CVE-2018-14867 | Improper Access Control vulnerability in Odoo 10.0/9.0 | Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters. | network | low complexity | odoo | CWE-284 | 5.3 |
| 2019-06-20 | CVE-2018-16553 | Improper Access Control vulnerability in Jspxcms 9.0.0 | In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin. | network | low complexity | jspxcms | CWE-284 | 7.2 |
| 2019-06-19 | CVE-2019-2729 | Improper Access Control vulnerability in Oracle products | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | network | low complexity | oracle | CWE-284 | critical 9.8 |
| 2019-06-19 | CVE-2018-17148 | Improper Access Control vulnerability in Nagios XI | An Insufficient Access Control vulnerability (leading to credential disclosure) in coreconfigsnapshot.php (aka configuration snapshot page) in Nagios XI before 5.5.4 allows remote attackers to gain access to configuration files containing confidential credentials. | network | low complexity | nagios | CWE-284 | critical 9.8 |
| 2019-06-17 | CVE-2017-10721 | Improper Access Control vulnerability in Ishekar Endoscope Camera Firmware | Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. | network | low complexity | ishekar | CWE-284 | 6.5 |
| 2019-06-17 | CVE-2018-18958 | Improper Access Control vulnerability in Opnsense | OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. | network | low complexity | opnsense | CWE-284 | 6.5 |
| 2019-06-07 | CVE-2018-10691 | Improper Access Control vulnerability in Moxa Awk-3121 Firmware 1.14 | An issue was discovered on Moxa AWK-3121 1.14 devices. | network | low complexity | moxa | CWE-284 | 7.5 |
| 2019-06-07 | CVE-2018-5264 | Improper Access Control vulnerability in UI Unifi Firmware | Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote attackers to bypass intended restrictions on "free time" Wi-Fi usage by sending a /guest/s/default/ request to obtain a cookie, and then using this cookie in a /guest/s/default/login request with the byfree parameter. | network | high complexity | ui | CWE-284 | 5.9 |