Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2017-02-22 CVE-2016-9956 Improper Access Control vulnerability in multiple products
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
network
low complexity
debian fedoraproject flightgear CWE-284
7.5
2017-02-22 CVE-2016-9378 Improper Access Control vulnerability in XEN
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
local
low complexity
xen CWE-284
5.5
2017-02-15 CVE-2016-6077 Improper Access Control vulnerability in IBM Cognos Disclosure Management
IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document.
local
low complexity
ibm CWE-284
5.3
2017-02-14 CVE-2016-10223 Improper Access Control vulnerability in Bigtreecms Bigtree CMS
An issue was discovered in BigTree CMS before 4.2.15.
network
low complexity
bigtreecms CWE-284
5.4
2017-02-13 CVE-2016-9356 Improper Access Control vulnerability in Moxa Dacenter 1.4
An issue was discovered in Moxa DACenter Versions 1.4 and older.
local
low complexity
moxa CWE-284
7.8
2017-02-13 CVE-2016-5815 Improper Access Control vulnerability in Schneider-Electric products
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series.
network
low complexity
schneider-electric CWE-284
critical
9.8
2017-02-13 CVE-2016-5801 Improper Access Control vulnerability in Omnimetrix Omniview 1.2
An issue was discovered in OmniMetrix OmniView, Version 1.2.
network
low complexity
omnimetrix CWE-284
7.5
2017-02-13 CVE-2016-7565 Improper Access Control vulnerability in Exponentcms Exponent CMS 2.3.9
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter.
network
low complexity
exponentcms CWE-284
critical
9.8
2017-02-13 CVE-2016-2788 Improper Access Control vulnerability in Puppet Marionette Collective and Puppet Enterprise
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
network
low complexity
puppet CWE-284
critical
9.8
2017-02-13 CVE-2016-2787 Improper Access Control vulnerability in multiple products
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors.
network
low complexity
puppetlabs puppet CWE-284
5.3