Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-11 | CVE-2014-8631 | Improper Access Control vulnerability in Mozilla Firefox and Seamonkey: The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method. | 4.3 |
2014-12-11 | CVE-2014-1589 | Improper Access Control vulnerability in Mozilla Firefox and Seamonkey: Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. | 6.8 |
2014-12-11 | CVE-2014-6319 | Improper Access Control vulnerability in Microsoft Exchange Server 2007/2010/2013: Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability." | 5.0 |
2014-12-06 | CVE-2014-9117 | Improper Access Control vulnerability in Mantisbt: MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0. | 5.0 |
2014-12-01 | CVE-2014-9151 | Improper Access Control vulnerability in Services Project Services 7.X3.9: The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. | 7.5 |
2014-11-19 | CVE-2014-6627 | Improper Access Control vulnerability in Arubanetworks Clearpass: Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. | 9.0 |
2014-11-19 | CVE-2014-6626 | Improper Access Control vulnerability in Arubanetworks Clearpass: Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. | 10.0 |
2014-11-19 | CVE-2014-6625 | Improper Access Control vulnerability in Arubanetworks Clearpass: The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. | 9.0 |
2014-11-18 | CVE-2014-6110 | Improper Access Control vulnerability in IBM Security Identity Manager: IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. | 2.1 |
2014-07-28 | CVE-2014-3120 | Improper Access Control vulnerability in Elasticsearch 1.1.1: The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. | 6.8 |