
3454 matches found

Packet Storm
added 2023/07/31 12:00 a.m. · 221 views

CMSdosma 5.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : CMSdosma v5.0 Unauthorized Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

AI score: 7.1
Exploits: 0
CISA
added 2023/07/27 12:00 p.m. · 4 views

CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse

The Australian Signals Directorate’s Australian Cyber Security Centre ACSC, the Cybersecurity and Infrastructure Security Agency CISA, and the National Security Agency NSA are releasing a joint Cybersecurity Advisory CSA, Preventing Web Application Access Control Abuse, to warn vendors, designers...

AI score: 7.2
Exploits: 0 · References: 4
Veracode
added 2023/07/23 3:44 a.m. · 18 views

Insecure Direct Object Reference

gitlab is vulnerable to Insecure Direct Object Reference. The vulnerability allows an endpoint to reveal an issue title to the user if they craft an API call with the same issue ID...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.01242
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2023/07/18 6:15 p.m. · 11 views

CVE-2023-38257

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...

CVSS: 7.5 · EPSS: 0.0064
Exploits: 0 · References: 1
Prion
added 2023/07/18 6:15 p.m. · 23 views

Design/Logic Flaw

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...

CVSS: 5 · AI score: 8.6 · EPSS: 0.0064
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/07/18 5:17 p.m. · 17 views

CVE-2023-38257

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.0064
Exploits: 0 · References: 1
Vulnrichment
added 2023/07/18 5:17 p.m. · 13 views

CVE-2023-38257

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.0064
Exploits: 0 · References: 1
CVE
added 2023/07/18 5:17 p.m. · 41 views

CVE-2023-38257

CVE-2023-38257 affects Iagona ScrutisWeb up to version 2.1.37. It is an insecure direct object reference that could allow an unauthenticated attacker to view profile information, including user login names and encrypted passwords. The advisory notes remote exploitation is possible with low attack...

CVSS: 7.5 · AI score: 7.7 · EPSS: 0.0064
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/07/18 12:00 a.m. · 3 views

PT-2023-6721 · Iagona · Iagona Scrutisweb

Name of the Vulnerable Software and Affected Versions: Iagona ScrutisWeb versions 2.1.37 and prior Description: The issue is related to an insecure direct object reference vulnerability. This could allow an unauthenticated user to view profile information, including user login names and encrypted...

CVSS: 7.8 · AI score: 7.2 · EPSS: 0.0064
Exploits: 0 · References: 8
Packet Storm
added 2023/07/15 12:00 a.m. · 153 views

Bluelaat 1.0 Beta Insecure Direct Object Reference

==================================================================================================================================== | Title : Bluelat V0.1 beta Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

AI score: 7.1
Exploits: 0
Positive Technologies
added 2023/07/13 12:00 a.m. · 4 views

PT-2023-6092 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 and earlier Adobe Commerce versions 2.4.6-p2 and earlier Adobe Commerce versions 2.4.5-p4 and earlier Adobe Commerce versions 2.4.4-p5 and earlier Description: The issue is related to an improper input...

CVSS: 10 · AI score: 8.5 · EPSS: 0.00651
Exploits: 0 · References: 11
Packet Storm
added 2023/07/13 12:00 a.m. · 257 views

BloodBank 1.0 Insecure Direct Object Reference

====================================================================================================================================== | Title : BloodBank v1.0 - Blood Donor Directory CMS with PayPal Integration unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on...

AI score: 7.1
Exploits: 0
Packet Storm
added 2023/07/13 12:00 a.m. · 267 views

BBAM 1.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : bbam CMS v1.1 unauthorized administrative access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

AI score: 7.1
Exploits: 0
Packet Storm
added 2023/07/13 12:00 a.m. · 313 views

Bigware-Shop CMS 2.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : Bigware-Shop CMS v2.1 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...

AI score: 7.1
Exploits: 0
Vulnrichment
added 2023/07/10 9:05 p.m. · 10 views

CVE-2023-30960 Insecure Direct Object Reference (IDOR) in Foundry job-tracker

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

CVSS: 4.3 · AI score: 6.8 · EPSS: 0.00333
Exploits: 0 · References: 1
Cvelist
added 2023/07/10 9:05 p.m. · 18 views

CVE-2023-30960 Insecure Direct Object Reference (IDOR) in Foundry job-tracker

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further...

CVSS: 4.3 · AI score: 4.9 · EPSS: 0.00333
Exploits: 0 · References: 1
NVD
added 2023/07/05 3:15 a.m. · 18 views

CVE-2022-42175

Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00622
Exploits: 0 · References: 3
Positive Technologies
added 2023/07/05 12:00 a.m. · 3 views

PT-2023-14067 · Solusvm +1 · Solusvm +1

Name of the Vulnerable Software and Affected Versions: WHMCS module SolusVM version 1.4.1.2 Description: The issue allows an attacker to change the password and hostname of other customer servers without authorization due to an Insecure Direct Object Reference vulnerability. Recommendations: For...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00622
Exploits: 0 · References: 8
CVE
added 2023/07/05 12:00 a.m. · 33 views

CVE-2022-42175

The CVE-2022-42175 entry applies to the WHMCS module SolusVM, specifically version 1.4.1.2. The vulnerability is an Insecure Direct Object Reference that lets an attacker change the password and hostname of other customers’ servers without authorization. Impact is described as high across confide...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.00622
Exploits: 0 · References: 3 · Affected Software: 1
Packet Storm
added 2023/07/04 12:00 a.m. · 186 views

D-Link DAP-1325 Insecure Direct Object Reference

Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...

AI score: 7.1
Exploits: 0