Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-05-07 | CVE-2015-0531 | Improper Access Control vulnerability in EMC Sourceone Email Management 7.1 EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 5.0 |
2015-05-01 | CVE-2015-0914 | Improper Access Control vulnerability in Kozos Easyctf EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. | 5.0 |
2015-04-28 | CVE-2015-1151 | Improper Access Control vulnerability in Apple OS X Server Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | 5.0 |
2015-04-24 | CVE-2015-3148 | Improper Access Control vulnerability in multiple products cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | 5.0 |
2015-04-24 | CVE-2015-0297 | Improper Access Control vulnerability in Redhat Jboss Operations Network 3.3.1 Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager. | 9.0 |
2015-04-13 | CVE-2015-0840 | Improper Access Control vulnerability in multiple products The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). | 4.3 |
2015-04-13 | CVE-2015-0675 | Improper Access Control vulnerability in Cisco Adaptive Security Appliance Software The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069. | 8.3 |
2015-04-11 | CVE-2015-0694 | Improper Access Control vulnerability in Cisco products Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. | 5.0 |
2015-04-10 | CVE-2015-1115 | Improper Access Control vulnerability in Apple Iphone OS The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | 4.4 |
2015-04-06 | CVE-2015-0119 | Improper Access Control vulnerability in IBM Tivoli Storage Manager Fastback FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port. | 7.5 |