Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-0610 | Improper Privilege Management vulnerability in Zenphoto Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. | 7.2 |
| 2018-06-26 | CVE-2018-0573 | Improper Privilege Management vulnerability in Basercms baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors. | 5.3 |
| 2018-06-26 | CVE-2018-0566 | Improper Privilege Management vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. | 4.3 |
| 2018-06-26 | CVE-2018-12884 | Improper Privilege Management vulnerability in Octopus Deploy 3.0 In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu. | 6.5 |
| 2018-06-21 | CVE-2017-2672 | Improper Privilege Management vulnerability in multiple products A flaw was found in foreman before version 1.15 in the logging of adding and registering images. | 8.8 |
| 2018-06-18 | CVE-2018-9022 | Improper Privilege Management vulnerability in Broadcom Privileged Access Manager An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | 9.8 |
| 2018-06-18 | CVE-2018-9021 | Improper Privilege Management vulnerability in Broadcom Privileged Access Manager An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | 9.8 |
| 2018-06-16 | CVE-2018-5756 | Improper Privilege Management vulnerability in Open-Xchange Appsuite The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks. | 4.3 |
| 2018-06-15 | CVE-2018-1460 | Improper Privilege Management vulnerability in IBM Puredata System for Analytics 1.0.0 IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. | 7.8 |
| 2018-06-12 | CVE-2018-12261 | Improper Privilege Management vulnerability in Apollotechnologiesinc Momentum Axel 720P Firmware 5.1.8 An issue was discovered on Momentum Axel 720P 5.1.8 devices. | 4.4 |