Vulnerabilities > Improper Access Control

DATE | CVE | VULNERABILITY TITLE | RISK

2015-06-28 | CVE-2015-1959 | Improper Access Control vulnerability in IBM Tivoli Directory Server | 4.6
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted files, which allows local users to obtain sensitive information or possibly have unspecified other impact via a (1) download or (2) upload action.
local | low complexity | ibm | CWE-284

2015-06-13 | CVE-2015-2952 | Improper Access Control vulnerability in Igreks products | 6.5
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.
network | low complexity | igreks | CWE-284

2015-06-09 | CVE-2015-4418 | Improper Access Control vulnerability in Zohocorp Manageengine Netflow Analyzer | 5.0
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
network | low complexity | zohocorp | CWE-284

2015-06-09 | CVE-2015-2959 | Improper Access Control vulnerability in Zohocorp Manageengine Netflow Analyzer | 7.5
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
network | low complexity | zohocorp | CWE-284

2015-06-08 | CVE-2015-4051 | Improper Access Control vulnerability in Beckhoff IPC Diagnostics | 9.0 (critical)
Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi.
network | low complexity | beckhoff | CWE-284

2015-06-02 | CVE-2015-4050 | Improper Access Control vulnerability in Sensiolabs Symfony | 4.3
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support is enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.

2015-06-01 | CVE-2015-2267 | Improper Access Control vulnerability in Moodle | 4.0
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
network | low complexity | moodle | CWE-284

2015-05-30 | CVE-2015-1937 | Improper Access Control vulnerability in IBM Powervc | 7.5
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
network | low complexity | ibm | CWE-284

2015-05-29 | CVE-2015-0755 | Improper Access Control vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(64) | 6.8
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.
local | low complexity | cisco | CWE-284

2015-05-25 | CVE-2015-0180 | Improper Access Control vulnerability in IBM Infosphere Information Server | 5.5
The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors.
network | low complexity | ibm | CWE-284