Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-284

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

5,300 vulnerabilities with CWE-284

CVE-2024-10994 MEDIUM

Codezips Online Institute Management System 1.0 - Unrestricted File Upload via /edit_user.php Image Parameter

CVE-2024-10993 MEDIUM

Codezips Online Institute Management System 1.0 - Unrestricted File Upload via Website Image Parameter

CVE-2024-48010 MEDIUM

Dell PowerProtect DD < 7.7.5.50 - Privilege Escalation via Improper Access Control

CVE-2024-51995 HIGH

Combodo iTop < 3.2.0 - Improper Access Control via ajax.render.php Route Dispatch

CVE-2024-10965 MEDIUM

emqx neuron < 2.10.0 - Information Disclosure via JSON File Handler

CVE-2024-51988 MEDIUM

RabbitMQ <3.12.11 - Privilege Escalation

CVE-2024-10916 MEDIUM

D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - Information Disclosure via /xml/info.xml

CVE-2024-7429 MEDIUM

Zotpress <= 7.3.12 - Authenticated Unauthorized Data Modification via Missing Capability Check

CVE-2024-51734 HIGH

Zope AccessControl <7.2 - Info Disclosure

CVE-2024-10766 MEDIUM

Free Exam Hall Seating Management System 1.0 - Unrestricted File Upload via Image Argument in save_user.php

CVE-2024-10765 MEDIUM

Codezips Online Institute Management System <= 1.0 - Unrestricted File Upload via Profile Image Parameter

CVE-2024-10764 MEDIUM

Codezips Online Institute Management System 1.0 - Unrestricted File Upload via Image Parameter in save_user.php

CVE-2024-7424 MEDIUM

Multiple Page Generator Plugin - Unauthorized Access

CVE-2024-50353 MEDIUM

ICG.AspNetCore.Utilities.CloudStorage < 8.0.0 - Improper Access Control in SAS Uri Duration Handling

CVE-2024-48955 HIGH

NetAdmin 4.030319 - Info Disclosure

CVE-2024-10241 MEDIUM

Mattermost <9.5.10 - Info Disclosure

CVE-2024-47481 MEDIUM

Dell Data Lakehouse 1.0.0.0 1.1.0 - Unauthenticated Denial of Service

CVE-2024-10353 MEDIUM

SourceCodester Online Exam System 1.0 - Improper Access Control in Admin Dashboard

CVE-2024-48932 MEDIUM

ZimaOS < 1.5.0 - Unauthenticated Sensitive Information Exposure via User Name API Endpoint

CVE-2024-9692 MEDIUM

VIMESA VHF/FM Transmitter Blue Plus - DoS

CVE-2024-45334 HIGH

Trend Micro Antivirus One <3.10.4 - Info Disclosure

CVE-2024-48925 NONE

Umbraco CMS 14.0.0-14.2.9 - Improper Access Control in Webhook API

CVE-2024-38204 HIGH

Azure Functions - Privilege Escalation via Improper Access Control

CVE-2024-21248 MEDIUM

Oracle VM VirtualBox < 7.0.22 - Authenticated Improper Access Control

CVE-2024-21247 LOW

MySQL Client <= 8.0.39, <= 8.4.2, <= 9.0.1 - Authenticated Improper Access Control in mysqldump

Previous Page 94 of 212 Next

Details

Vulnerabilities 5,300

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy