Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-15 | CVE-2016-6077 | Improper Access Control vulnerability in IBM Cognos Disclosure Management IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. | 5.3 |
| 2017-02-14 | CVE-2016-10223 | Improper Access Control vulnerability in Bigtreecms Bigtree CMS An issue was discovered in BigTree CMS before 4.2.15. | 5.4 |
| 2017-02-13 | CVE-2016-9356 | Improper Access Control vulnerability in Moxa Dacenter 1.4 An issue was discovered in Moxa DACenter Versions 1.4 and older. | 7.8 |
| 2017-02-13 | CVE-2016-5815 | Improper Access Control vulnerability in Schneider-Electric products An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. | 9.8 |
| 2017-02-13 | CVE-2016-5801 | Improper Access Control vulnerability in Omnimetrix Omniview 1.2 An issue was discovered in OmniMetrix OmniView, Version 1.2. | 7.5 |
| 2017-02-13 | CVE-2016-7565 | Improper Access Control vulnerability in Exponentcms Exponent CMS 2.3.9 install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. | 9.8 |
| 2017-02-13 | CVE-2016-2788 | Improper Access Control vulnerability in Puppet Marionette Collective and Puppet Enterprise MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | 9.8 |
| 2017-02-13 | CVE-2016-2787 | Improper Access Control vulnerability in multiple products The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors. | 5.3 |
| 2017-02-13 | CVE-2016-10026 | Improper Access Control vulnerability in Ikiwiki 3.20161219 ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. | 7.5 |
| 2017-02-09 | CVE-2015-8832 | Improper Access Control vulnerability in Dotclear Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. | 8.8 |