Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location.
An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.
Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests.
Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/auth/index.
Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.
HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.
Incorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentication.
Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request.
In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope.
An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function.
A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipu
Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class
Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request.
Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token.
Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges.
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functional
Page 1+ Next →