Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-07-26 | CVE-2015-3224 | Improper Access Control vulnerability in Rubyonrails web Console 2.1.2: request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request. | 4.3 |
2015-07-26 | CVE-2015-2847 | Improper Access Control vulnerability in Honeywell Tuxedo Touch: Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | 5.0 |
2015-07-22 | CVE-2015-5464 | Improper Access Control vulnerability in Gemalto products: The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition. | 1.3 |
2015-07-20 | CVE-2015-1922 | Improper Access Control vulnerability in IBM DB2: The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors. | 3.5 |
2015-07-15 | CVE-2015-4271 | Improper Access Control vulnerability in Cisco Telepresence TC Software: Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604. | 6.4 |
2015-07-14 | CVE-2015-1763 | Improper Access Control vulnerability in Microsoft SQL Server 2008/2012/2014: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability." | 8.5 |
2015-07-14 | CVE-2015-1761 | Improper Access Control vulnerability in Microsoft SQL Server 2008/2012/2014: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability." | 6.5 |
2015-07-14 | CVE-2015-3007 | Improper Access Control vulnerability in Juniper Junos 12.1X46/12.1X47/12.3X48: The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 do not properly implement the "set system ports console insecure" feature, which allows physically proximate attackers to gain administrative privileges by leveraging access to the console port. | 7.2 |
2015-07-14 | CVE-2015-1936 | Improper Access Control vulnerability in IBM Websphere Application Server: The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter. | 6.0 |
2015-07-14 | CVE-2015-1927 | Improper Access Control vulnerability in IBM Websphere Application Server: The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors. | 6.8 |