Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-12-08 | CVE-2016-9920 | Improper Access Control vulnerability in Roundcube Webmail: steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. | 7.5 |
2016-12-06 | CVE-2016-5341 | Improper Access Control vulnerability in Google Android: The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554). | 5.9 |
2016-12-05 | CVE-2016-9836 | Improper Access Control vulnerability in Joomla Joomla!: The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. | 9.8 |
2016-12-05 | CVE-2016-9835 | Improper Access Control vulnerability in Zikula Application Framework: Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. | 9.8 |
2016-12-05 | CVE-2016-9157 | Improper Access Control vulnerability in Siemens Sicam Pas/Pqs: A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP. | 9.8 |
2016-12-05 | CVE-2016-9156 | Improper Access Control vulnerability in Siemens Sicam Pas/Pqs: A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | 7.3 |
2016-12-01 | CVE-2016-3044 | Improper Access Control vulnerability in IBM Powerkvm: The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | 6.5 |
2016-11-30 | CVE-2016-2887 | Improper Access Control vulnerability in IBM IMS Enterprise Suite: IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 8.1 |
2016-11-30 | CVE-2016-2874 | Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager: IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 3.1 |
2016-11-30 | CVE-2016-8222 | Improper Access Control vulnerability in Lenovo products: A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. | 4.4 |