The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Conflu...
A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine wh...
A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.