Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2016-8588 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. | 7.3 |
| 2017-04-28 | CVE-2016-8587 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sensorSDK/backup_pol/. | 7.3 |
| 2017-04-28 | CVE-2016-8584 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | 9.8 |
| 2017-04-24 | CVE-2016-5551 | Improper Access Control vulnerability in Oracle Solaris Cluster 4.3 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). | 2.8 |
| 2017-04-24 | CVE-2015-0104 | Improper Access Control vulnerability in IBM products IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. | 8.8 |
| 2017-04-21 | CVE-2016-2433 | Improper Access Control vulnerability in Google Android The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. | 8.8 |
| 2017-04-21 | CVE-2016-1518 | Improper Access Control vulnerability in Grandstream Wave 1.0.1.26 The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/. | 8.1 |
| 2017-04-20 | CVE-2016-3733 | Improper Access Control vulnerability in Moodle The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | 4.3 |
| 2017-04-20 | CVE-2016-3729 | Improper Access Control vulnerability in Moodle The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | 6.5 |
| 2017-04-20 | CVE-2016-4850 | Improper Access Control vulnerability in Linecorp Line 4.3.0.724/4.7.0/4.8.2.1125 LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | 8.1 |