Vulnerabilities > Improper Access Control

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2016-07-15 | CVE-2016-5661 | Improper Access Control vulnerability in Accela Civic Platform Citizen Access Portal | Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters. | network | low | accela | CWE-284 | 8.8 |
| 2016-07-15 | CVE-2016-0357 | Improper Access Control vulnerability in IBM Security Identity Manager Adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | network | low | ibm | CWE-284 | 4.3 |
| 2016-07-15 | CVE-2016-0340 | Improper Access Control vulnerability in IBM Security Identity Manager Adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | local | high | ibm | CWE-284 | 7.4 |
| 2016-07-15 | CVE-2016-0339 | Improper Access Control vulnerability in IBM Security Identity Manager Adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records." | network | high | ibm | CWE-284 | 5.6 |
| 2016-07-15 | CVE-2016-5807 | Improper Access Control vulnerability in Tollgrade Lighthouse SMS | Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request. | network | low | tollgrade | CWE-284 | 8.1 |
| 2016-07-13 | CVE-2016-5109 | Improper Access Control vulnerability in Citrix Worx Home and Xenmobile MDX Toolkit | Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication. | | low | citrix | CWE-284 | 4.3 |
| 2016-07-13 | CVE-2016-5008 | Improper Access Control vulnerability in multiple products | libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | network | low | redhat, debian | CWE-284 | 9.8 (critical) |
| 2016-07-13 | CVE-2016-4215 | Improper Access Control vulnerability in Adobe products | Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | network | low | adobe | CWE-284 | 9.8 (critical) |
| 2016-07-13 | CVE-2016-3276 | Improper Access Control vulnerability in Microsoft Internet Explorer 11 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | network | high | microsoft | CWE-284 | 3.1 |
| 2016-07-13 | CVE-2016-3274 | Improper Access Control vulnerability in Microsoft Edge and Internet Explorer | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | network | high | microsoft | CWE-284 | 3.1 |