CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,345 vulnerabilities with CWE-284
CVE-2015-3840 MEDIUM
Android < 5.1.1 - Unauthenticated SMS/MMS Status Manipulation via MessageStatusReceiver
CVSS 5.5
CVE-2015-9029 HIGH
Android - Improper Access Control in Modem Memory
CVSS 7.8
CVE-2015-9024 MEDIUM
Android - Improper Access Control in QTEE Application Interfaces
CVSS 5.5
CVE-2015-9021 MEDIUM
Android - Improper Access Control in SMEM Memory
CVSS 5.5
CVE-2015-2692 CRITICAL
AdBlock < 2.20.1 - Improper Access Control via Filter Injection
CVSS 10.0
CVE-2015-3295 MEDIUM
markdown-it < 4.1.0 - Improper Access Control via Data URL Handling
CVSS 5.3
CVE-2015-9006 HIGH
Android - Improper Access Control in Resource Power Manager
CVSS 7.8
CVE-2015-0104 HIGH
IBM Maximo and Tivoli Asset Management - Authenticated Remote Code Execution
CVSS 8.8
CVE-2015-8284 HIGH
SeaWell Networks Spectrum SDC <2.05.00 - Privilege Escalation
CVSS 8.8
CVE-2015-8275 MEDIUM
LVRTC eParakstitajs <3.0 - Code Injection
CVSS 5.5
CVE-2015-7265 HIGH
Facebook Proxygen before 2015-11-09 - Improper Access Control via HTTPMessage.request State Mismanagement
CVSS 7.5
CVE-2015-7263 HIGH
Facebook Proxygen before 2015-11-09 - Access Control Bypass via SPDY/2 Host Header
CVSS 7.5
CVE-2015-4624 HIGH
Hak5 WiFi Pineapple 2.0-2.3 - Predictable CSRF Token
CVSS 7.5
CVE-2015-8627 MEDIUM
MediaWiki < 1.23.12, 1.24.x < 1.24.5, 1.25.x < 1.25.4, 1.26.x < 1.26.1 - Zero-Padded IP Address Bypass
CVSS 5.3
CVE-2015-8987 MEDIUM
McAfee Agent < 4.8.0 - Man-in-the-Middle Attack via ePO Server Migration
CVSS 5.3
CVE-2015-8832 HIGH
dotclear < 2.8.1 - Authenticated Arbitrary PHP Code Execution via File Upload
CVSS 8.8
CVE-2015-6023 HIGH
NetCommWireless HSPA 3G10WVE - Auth Bypass
CVSS 7.3
CVE-2015-7494 LOW
IBM Cloud Orchestrator - Privilege Escalation
CVSS 2.8
CVE-2015-1976 MEDIUM
IBM Security Directory Server 6.0-6.0.0.76, 6.1, 6.2, 6.3.0.0-6.3.1.14, 6.4 - Authenticated DoS via Web Admin Tool
CVSS 5.5
CVE-2015-8973 HIGH
MyBB < 1.6.18 and 1.8.x < 1.8.6 and Merge System < 1.8.6 - Unauthenticated Access Control Bypass via Forum Password
CVSS 8.3
CVE-2015-8140 MEDIUM
ntp < 4.2.8 - Replay Attack via ntpq Protocol
CVSS 4.8
CVE-2015-8139 MEDIUM
ntp < 4.2.8p7 - Remote Peer Impersonation via Origin Timestamp Exposure
CVSS 5.3
CVE-2015-4594 CRITICAL
eClinicalWorks Population Health - Session Fixation
CVSS 9.8
CVE-2015-1000010 HIGH
simple-image-manipulator <1.0 - Info Disclosure
CVSS 7.5
CVE-2015-1000009 CRITICAL
WordPress plugin google-adsense-and-hotel-booking v1.05 - SSRF
CVSS 9.1