Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-01-15 | CVE-2013-7293 | Improper Access Control vulnerability in Asus Wl-330Nul The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | 5.0 |
| 2013-09-30 | CVE-2013-4316 | Improper Access Control vulnerability in multiple products Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. | 10.0 |
| 2013-08-16 | CVE-2013-4213 | Improper Access Control vulnerability in Redhat Jboss Enterprise Application Platform 6.1.0 Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | 6.4 |
| 2012-07-12 | CVE-2012-2351 | Improper Access Control vulnerability in multiple products The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. | 5.0 |
| 2012-06-02 | CVE-2012-2947 | Improper Access Control vulnerability in multiple products chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. | 2.6 |
| 2012-05-03 | CVE-2012-1327 | Improper Access Control vulnerability in Cisco IOS dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. | 6.1 |
| 2009-08-13 | CVE-2009-2092 | Improper Access Control vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors. | 7.5 |
| 2008-06-30 | CVE-2008-2947 | Improper Access Control vulnerability in Microsoft Internet Explorer 5.01/6/7 Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. | 6.8 |
| 2001-05-30 | CVE-2001-0781 | Improper Access Control vulnerability in Pi-Soft Spoonftp 1.0.0.12 Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. | 7.5 |