Vulnerabilities > Improper Access Control
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-25 | CVE-2016-1000032 | Improper Access Control vulnerability in Python Tgcaptcha2 0.3.0: TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. | 7.5 |
2016-10-25 | CVE-2016-1000031 | Improper Access Control vulnerability in Apache Commons Fileupload: Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution | 9.8 |
2016-10-22 | CVE-2016-0241 | Improper Access Control vulnerability in IBM Security Guardium Database Activity Monitor: IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP. | 8.8 |
2016-10-14 | CVE-2016-3392 | Improper Access Control vulnerability in Microsoft Edge: The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability." | 5.3 |
2016-10-14 | CVE-2016-0142 | Improper Access Control vulnerability in Microsoft products: Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability." | 7.8 |
2016-10-13 | CVE-2016-6958 | Improper Access Control vulnerability in Adobe products: Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass intended access restrictions via unspecified vectors. | 9.8 |
2016-10-13 | CVE-2016-4286 | Improper Access Control vulnerability in multiple products: Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors. | 8.8 |
2016-10-13 | CVE-2016-4407 | Improper Access Control vulnerability in SAP Sapcryptolib 5.555.38: The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | 6.5 |
2016-10-13 | CVE-2016-3635 | Improper Access Control vulnerability in SAP Netweaver 7.40: SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | 7.5 |
2016-10-13 | CVE-2016-8565 | Improper Access Control vulnerability in Siemens Automation License Manager 5.3: Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. | 9.1 |