The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
226 vulnerabilities with CWE-425
CVE-2018-0140
MEDIUM
Cisco Email Security Appliance - Unauthorized Spam Quarantine Access via Browser Manipulation
CVSS 6.5
CVE-2018-6624
CRITICAL
OMRON NS Series Firmware 1.1-1.3 - Unauthenticated Authentication Bypass via Direct Request
CVSS 9.8
CVE-2018-0105
MEDIUM
Cisco Unified Communications Manager - Unauthenticated Exposure of Sensitive Information via Database Table Access
CVSS 5.3
CVE-2017-17736
CRITICAL
Kentico - Installer Privilege Escalation
CVSS 9.8
CVE-2017-14993
HIGH
OXID eShop <6.0.0 RC3, <4.10.6, <4.9.11 - Info Disclosure
CVSS 7.5
CVE-2017-15235
HIGH
Horde Groupware <5.2.21 - Auth Bypass
CVSS 7.5
CVE-2017-14244
CRITICAL
iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 - Auth Bypass
CVSS 9.8
CVE-2017-10833
CRITICAL
Dokodemo eye Smart HD <1.0.3.1000 - Auth Bypass
CVSS 9.1
CVE-2017-2161
LOW
FlashAir SD-WE <W-03 and SD-WD/WC <W-02 - Authenticated Unauthorized Data Access
CVSS 3.5
CVE-2017-2143
MEDIUM
CS-Cart Japanese Edition <4.3.10-jp-1 - Auth Bypass
CVSS 5.3
CVE-2017-2139
MEDIUM
CS-Cart Japanese Edition <4.3.10 - Auth Bypass
CVSS 5.3
CVE-2017-2486
MEDIUM
Safari < 10.1 and iPhone OS < 10.3 - Address Bar Spoofing via WebKit
CVSS 6.5
CVE-2016-1000111
MEDIUM
Twisted < 16.3.1 - Remote Proxy Redirection via HTTP_PROXY Environment Variable
CVSS 5.3
CVE-2015-1313
MEDIUM
JetBrains TeamCity <9.0.2 - Auth Bypass
CVSS 6.5
CVE-2015-2873
Trend Micro Deep Discovery Inspector <3.5.1477-<3.8.1263 - Info Dis...
CVE-2005-1892
FlatNuke < 2.5.3 - Denial of Service and Information Disclosure via Direct Request
CVE-2005-1827
D-Link DSL-504T Firmware - Unauthenticated Privilege Escalation via Direct Request
CVE-2005-1697
PostNuke 0.750 and 0.760RC2-RC3 - Information Disclosure via RSS Module Direct Request
CVE-2005-1698
PostNuke 0.750-0.760RC3 - Info Disclosure
CVE-2005-1685
episodex_guestbook - Unauthenticated Authentication Bypass via Direct Request to admin.asp
CVE-2005-1688
MEDIUM
WordPress < 1.5 - Information Disclosure via Direct Request to Theme and Admin Files
CVSS 5.3
CVE-2005-1654
Hosting Controller < 6.1 Hotfix 1.9 - Unauthenticated Arbitrary User Registration via Direct Request
CVE-2005-1668
YusASP Web Asset Manager 1.0 - Privilege Escalation
CVE-2004-2144
Baal Smart Forms <3.2 - Auth Bypass
CVE-2004-2257
MEDIUM
phpMyFAQ 1.4.0 - Unauthenticated Image Manager Access via Direct Request
CVSS 5.3