Vulnerabilities > Improper Access Control

DATE CVE VULNERABILITY TITLE RISK
2023-04-15 CVE-2023-2104 Improper Access Control vulnerability in Easyappointments
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
network
low complexity
easyappointments CWE-284
5.4
2020-10-28 CVE-2020-16261 Improper Access Control vulnerability in Winstonprivacy Winston Firmware 1.5.4
Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access.
low complexity
winstonprivacy CWE-284
6.8
2019-08-30 CVE-2018-15513 Improper Access Control vulnerability in Totemo Totemomail 6.0.0
Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role.
network
low complexity
totemo CWE-284
5.3
2019-08-29 CVE-2018-21007 Improper Access Control vulnerability in Wisetr User Email Verification for Woocommerce
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.
network
low complexity
wisetr CWE-284
critical
9.8
2019-08-22 CVE-2015-9337 Improper Access Control vulnerability in Cozmoslabs Profile Builder
The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX.
network
low complexity
cozmoslabs CWE-284
7.5
2019-08-16 CVE-2017-18543 Improper Access Control vulnerability in Invite Anyone Project Invite Anyone
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
network
low complexity
invite-anyone-project CWE-284
critical
9.8
2019-08-08 CVE-2018-20957 Improper Access Control vulnerability in Tapplock One+ Firmware
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 allows replay attacks.
low complexity
tapplock CWE-284
8.8
2019-08-07 CVE-2016-10802 Improper Access Control vulnerability in Cpanel
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
network
low complexity
cpanel CWE-284
8.8
2019-08-07 CVE-2016-10799 Improper Access Control vulnerability in Cpanel
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
local
low complexity
cpanel CWE-284
5.5
2019-08-06 CVE-2016-10792 Improper Access Control vulnerability in Cpanel
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
network
low complexity
cpanel CWE-284
8.8