Vulnerabilities > Permissions, Privileges, and Access Controls
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-12-31 | CVE-2015-5989 | Permissions, Privileges, and Access Controls vulnerability in Zyxel Gs1900-10Hp Firmware 2.40 Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | 9.8 |
2015-12-31 | CVE-2015-6020 | Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5 ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. | 8.0 |
2015-12-31 | CVE-2015-6018 | Permissions, Privileges, and Access Controls vulnerability in Zyxel Pmg5318-B20A Firmware V100Aanc0B5 The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | 9.8 |
2015-12-31 | CVE-2015-5995 | Permissions, Privileges, and Access Controls vulnerability in multiple products Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. | 9.8 |
2015-12-30 | CVE-2015-7792 | Permissions, Privileges, and Access Controls vulnerability in Corega Cg-Wlbargs Firmware Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. | 9.8 |
2015-12-30 | CVE-2015-7788 | Permissions, Privileges, and Access Controls vulnerability in Asus Wl-330Nul Firmware 3.0.0.41 ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. | 7.3 |
2015-12-30 | CVE-2015-7249 | Permissions, Privileges, and Access Controls vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action. | 4.9 |
2015-12-30 | CVE-2015-5663 | Permissions, Privileges, and Access Controls vulnerability in Rarlab Winrar 5.30 The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user. | 7.4 |
2015-12-29 | CVE-2015-5252 | Permissions, Privileges, and Access Controls vulnerability in multiple products vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. | 7.2 |
2015-12-28 | CVE-2015-6850 | Permissions, Privileges, and Access Controls vulnerability in EMC Vplex Geosynchrony 5.4/5.5 EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | 8.4 |