Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-09-18 | CVE-2015-5826 | Improper Access Control vulnerability in Apple Iphone OS and Safari WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 4.3 |
2015-09-16 | CVE-2015-1173 | Improper Access Control vulnerability in Unit4 Teta web Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters." | 7.5 |
2015-09-11 | CVE-2015-6675 | Improper Access Control vulnerability in Siemens Ruggedcom Rugged Operating System 3.8.0/4.0.0/4.1.0 Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. | 4.3 |
2015-09-09 | CVE-2015-2534 | Improper Access Control vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012 Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability." | 1.9 |
2015-09-09 | CVE-2015-2509 | Improper Access Control vulnerability in Microsoft products Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability." | 9.3 |
2015-08-19 | CVE-2015-4299 | Improper Access Control vulnerability in Cisco Unified web and E-Mail Interaction Manager 9.0(2) Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046. | 5.5 |
2015-08-19 | CVE-2015-4298 | Improper Access Control vulnerability in Cisco Unified web and E-Mail Interaction Manager 11.0(1)/9.0(2) Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors, aka Bug ID CSCuo89056. | 6.5 |
2015-08-19 | CVE-2015-4302 | Improper Access Control vulnerability in Cisco Firesight System Software 5.3.1.4 The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390. | 6.4 |
2015-08-18 | CVE-2015-5512 | Improper Access Control vulnerability in ME Aliases Project ME Aliases The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL. | 5.0 |
2015-08-18 | CVE-2015-5502 | Improper Access Control vulnerability in Storage API Project Storage API The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspecified impact via unknown vectors. | 7.5 |