Vulnerabilities > Improper Access Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-06 | CVE-2016-2272 | Improper Access Control vulnerability in Eaton Lighting Systems EG2 web Control 4.04P Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. | 7.5 |
| 2016-04-05 | CVE-2016-0289 | Improper Access Control vulnerability in IBM Maximo Asset Management shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | 4.3 |
| 2016-04-05 | CVE-2015-8523 | Improper Access Control vulnerability in IBM Tivoli Storage Manager Fastback The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | 7.5 |
| 2016-03-29 | CVE-2016-1760 | Improper Access Control vulnerability in Apple Iphone OS The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. | 6.2 |
| 2016-03-28 | CVE-2016-0226 | Improper Access Control vulnerability in IBM Informix Dynamic Server 11.70.Xcn The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. | 7.8 |
| 2016-03-24 | CVE-2016-1782 | Improper Access Control vulnerability in Apple Iphone OS WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | 6.5 |
| 2016-03-24 | CVE-2016-1776 | Improper Access Control vulnerability in Apple mac OS X Server Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | 5.3 |
| 2016-03-24 | CVE-2016-1774 | Improper Access Control vulnerability in Apple mac OS X Server The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. | 5.3 |
| 2016-03-24 | CVE-2016-1770 | Improper Access Control vulnerability in Apple mac OS X The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | 6.5 |
| 2016-03-14 | CVE-2016-0222 | Improper Access Control vulnerability in IBM products IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. | 4.3 |