3454 matches found
Schneider Electric 1.0 Insecure Direct Object Reference
Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication Google Dork: inurl:/scada-vis Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: https://www.se.com/ Version: all-versions Tested on: Windows/Linux/Android Attacker can using these dorks and...
PT-2023-16630 · Bhima · Bhima
Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The issue allows an authenticated attacker with regular user permissions to update arbitrary user session data, including username, email, and password. This is due to the application being vulnerable to...
LISTSERV 17 - Insecure Direct Object Reference (IDOR) Vulnerability
Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Google Dork: inurl:/scripts/wa.exe Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CVE :...
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Google Dork: inurl:/scripts/wa.exe Date: 12/02/2022 Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019...
CVE-2023-24625
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference IDOR attack...
Design/Logic Flaw
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference IDOR attack...
CVE-2023-24625
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference IDOR attack...
Insecure Direct Object Reference
wallabag/wallabag is vulnerable to Insecure Direct Object Reference. The vulnerability is due to improper authentication checks in the addTagFormAction function of TagController.php which allows an admin authenticated remote attacker to add tags and get direct access to objects in the internal...
Atlassian Jira < 8.13.12 Indirect Direct Object Reference In Status Gadget
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.20.0. It is, therefore, affected by a vulnerability which allows anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object...
CVE-2023-0453 WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
The WP Private Message WordPress plugin bundled with the Superio theme as a required plugin before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by...
Moodle 3.10.x < 3.10.8 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.11, 3.10.x prior to 3.10.8 or 3.11.x prior to 3.11.4. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution when restoring malformed backup files. CVE-2021-3943 - A vulnerable version of mlbackend...
Moodle 4.0.x < 4.0.6 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability due to the lack of sanitization of some returnurl...
Moodle 3.11.x < 3.11.12 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability due to the lack of sanitization of some returnurl...
Moodle 3.9.x < 3.9.19 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability due to the lack of sanitization of some returnurl...
Moodle 3.9.x < 3.9.5 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.5.x prior to 3.5.17, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.5 or 3.10.x prior to 3.10.2. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability attack due to the lack of sanitization of th...
SUSE CVE-2018-17449
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference...
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...
GHSA-QWX8-MXXX-MG96 wallabag contains Improper Authorization via export feature
Description The export feature lets a user export a single entry or a set of entries in a given format e.g. PDF, MOBI, TXT. For example, https://yourinstance.wallabag.org/export/45.pdf will export the entry with id 45 in PDF format. Since wallabag 2.0.0-alpha.1, this feature is vulnerable to an...
Multiple Vulnerabilities Patched in Quick Restaurant Menu Plugin
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to Missing Authorization, Insecure Direct Object Reference,...
CVE-2023-0550
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu...