Vulnerabilities > Improper Access Control

DATE | CVE | VULNERABILITY TITLE | RISK

2015-03-14 | CVE-2015-0660 | Improper Access Control vulnerability in Cisco TelePresence Server Software | 7.2
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
local, low complexity, cisco, CWE-284

2015-03-11 | CVE-2015-1631 | Improper Access Control vulnerability in Microsoft Exchange Server 2013 | 5.0
Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."
network, low complexity, microsoft, CWE-284

2015-03-09 | CVE-2015-1464 | Improper Access Control vulnerability in multiple products | 6.4
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
network, low complexity, fedoraproject, bestpractical, CWE-284

2015-02-25 | CVE-2015-0820 | Improper Access Control vulnerability in multiple products | 2.6
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.
network, high complexity, opensuse, mozilla, canonical, CWE-284

2015-02-19 | CVE-2014-9422 | Improper Access Control vulnerability in MIT Kerberos 5 | 6.1
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
network, high complexity, mit, CWE-284

2015-02-17 | CVE-2014-8757 | Improper Access Control vulnerability in LG On-Screen Phone 4.3.009 | 8.3
LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request.
low complexity, lg, CWE-284

2015-02-11 | CVE-2015-0008 | Improper Access Control vulnerability in Microsoft products | 8.3
The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability."
low complexity, microsoft, CWE-284

2015-02-03 | CVE-2015-0929 | Improper Access Control vulnerability in SerVision HVG Video Gateway Firmware 2.2.26A77 | critical, 10.0
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response.
network, low complexity, servision, CWE-284

2015-02-01 | CVE-2015-0926 | Improper Access Control vulnerability in Labtech Software Labtech 55.170 | 6.8
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file.
local, low complexity, labtech-software, CWE-284

2015-01-30 | CVE-2014-8833 | Improper Access Control vulnerability in Apple Mac OS X | 2.1
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.
local, low complexity, apple, CWE-284