Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-03 | CVE-2016-10105 | Improper Access Control vulnerability in Piwigo admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. | 9.8 |
| 2016-12-30 | CVE-2016-10085 | Improper Access Control vulnerability in Piwigo admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter. | 7.2 |
| 2016-12-30 | CVE-2016-10084 | Improper Access Control vulnerability in Piwigo admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter). | 7.2 |
| 2016-12-30 | CVE-2016-10082 | Improper Access Control vulnerability in S9Y Serendipity include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file. | 9.8 |
| 2016-12-29 | CVE-2016-9877 | Improper Access Control vulnerability in multiple products An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. | 9.8 |
| 2016-12-23 | CVE-2016-7967 | Improper Access Control vulnerability in KDE Kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. | 8.1 |
| 2016-12-18 | CVE-2016-5192 | Improper Access Control vulnerability in Google Chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | 6.5 |
| 2016-12-18 | CVE-2016-5189 | Improper Access Control vulnerability in Google Chrome Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | 6.5 |
| 2016-12-17 | CVE-2016-9951 | Improper Access Control vulnerability in Apport Project Apport An issue was discovered in Apport before 2.20.4. | 6.5 |
| 2016-12-16 | CVE-2016-8824 | Improper Access Control vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges. | 7.8 |