Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2016-06-19 CVE-2016-4514 Incorrect Authorization vulnerability in Moxa Pt-7728 and Pt-7728 Firmware
Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.
network
high complexity
moxa CWE-863
7.7
2012-08-06 CVE-2012-1342 Incorrect Authorization vulnerability in Cisco Carrier Routing System 3.9.0/4.0.0/4.1.0
Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975.
network
low complexity
cisco CWE-863
5.8
2009-08-28 CVE-2008-7109 Incorrect Authorization vulnerability in Kyoceramita Scanner File Utility 3.3.0.1
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
network
low complexity
kyoceramita CWE-863
critical
9.8
2009-06-25 CVE-2009-2213 Incorrect Authorization vulnerability in Citrix products
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
network
low complexity
citrix CWE-863
6.5
2009-01-30 CVE-2009-0034 Incorrect Authorization vulnerability in multiple products
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
local
low complexity
gratisoft vmware CWE-863
7.8
2008-10-15 CVE-2008-4577 Incorrect Authorization vulnerability in multiple products
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
7.5
2006-12-21 CVE-2006-6679 Incorrect Authorization vulnerability in Chetcpasswd Project Chetcpasswd
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
network
low complexity
chetcpasswd-project CWE-863
7.5
2001-08-23 CVE-2001-1155 Incorrect Authorization vulnerability in Freebsd 4.1.1/4.2/4.3
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
network
low complexity
freebsd CWE-863
critical
9.8