Vulnerabilities > Permissions, Privileges, and Access Controls

DATE CVE VULNERABILITY TITLE RISK
2015-12-31 CVE-2015-5989 Permissions, Privileges, and Access Controls vulnerability in Zyxel Gs1900-10Hp Firmware 2.40
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
network
low complexity
zyxel CWE-264
critical
9.8
2015-12-31 CVE-2015-6020 Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5
ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.
low complexity
zyxel CWE-264
8.0
2015-12-31 CVE-2015-6018 Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
network
low complexity
zyxel CWE-264
critical
9.8
2015-12-31 CVE-2015-5995 Permissions, Privileges, and Access Controls vulnerability in multiple products
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
network
low complexity
tenda mediabridge CWE-264
critical
9.8
2015-12-30 CVE-2015-7792 Permissions, Privileges, and Access Controls vulnerability in Corega Cg-Wlbargs Firmware
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.
network
low complexity
corega CWE-264
critical
9.8
2015-12-30 CVE-2015-7788 Permissions, Privileges, and Access Controls vulnerability in Asus Wl-330Nul Firmware 3.0.0.41
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
asus CWE-264
7.3
2015-12-30 CVE-2015-7249 Permissions, Privileges, and Access Controls vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.
network
low complexity
zte CWE-264
4.9
2015-12-30 CVE-2015-5663 Permissions, Privileges, and Access Controls vulnerability in Rarlab Winrar 5.30
The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.
local
high complexity
rarlab CWE-264
7.4
2015-12-29 CVE-2015-5252 Permissions, Privileges, and Access Controls vulnerability in multiple products
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.
network
low complexity
samba canonical debian CWE-264
7.2
2015-12-28 CVE-2015-6850 Permissions, Privileges, and Access Controls vulnerability in EMC Vplex Geosynchrony 5.4/5.5
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.
local
low complexity
emc CWE-264
8.4