Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2017-03-12 CVE-2017-6816 Incorrect Authorization vulnerability in multiple products
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
network
low complexity
wordpress debian CWE-863
4.9
2017-03-09 CVE-2017-6590 Incorrect Authorization vulnerability in Canonical Ubuntu Linux
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10.
high complexity
canonical CWE-863
6.3
2017-02-15 CVE-2017-3801 Incorrect Authorization vulnerability in Cisco Unified Computing System Director 6.0.0.0/6.0.0.1
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability.
local
low complexity
cisco CWE-863
8.8
2016-07-13 CVE-2016-4178 Incorrect Authorization vulnerability in Adobe Flash Player and Flash Player Desktop Runtime
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
network
low complexity
adobe CWE-863
4.3
2016-06-19 CVE-2016-4514 Incorrect Authorization vulnerability in Moxa Pt-7728 and Pt-7728 Firmware
Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.
network
high complexity
moxa CWE-863
7.7
2012-08-06 CVE-2012-1342 Incorrect Authorization vulnerability in Cisco Carrier Routing System 3.9.0/4.0.0/4.1.0
Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975.
network
low complexity
cisco CWE-863
5.8
2009-08-28 CVE-2008-7109 Incorrect Authorization vulnerability in Kyoceramita Scanner File Utility 3.3.0.1
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
network
low complexity
kyoceramita CWE-863
critical
9.8
2009-06-25 CVE-2009-2213 Incorrect Authorization vulnerability in Citrix products
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
network
low complexity
citrix CWE-863
6.5
2009-01-30 CVE-2009-0034 Incorrect Authorization vulnerability in multiple products
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
local
low complexity
gratisoft vmware CWE-863
7.8
2008-10-15 CVE-2008-4577 Incorrect Authorization vulnerability in multiple products
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
7.5