
3454 matches found

CNNVD · added 2022/12/28 12:00 a.m. · 4 views

memos Authorization Issue Vulnerability

memos is an open source hosted meme center with knowledge management and social features. An authorization vulnerability exists in memos versions prior to 0.9.1, which an attacker can exploit to archive any post, public or private, using IDOR...

8.2 CVSS · 6.8 AI score · 0.00681 EPSS
Exploits 1 · References 3
WPVulnDB · added 2022/12/07 12:00 a.m. · 20 views

BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id

The plugin suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointmentid query parameter. PoC curl -s...

5.3 CVSS · 0.5 AI score · 0.00669 EPSS
Exploits 2 · Affected Software 1
CNVD · added 2022/11/30 12:00 a.m. · 24 views

Telos Alliance Omnia MPX Node Insecure Direct Object Reference Vulnerability

The Telos Alliance Omnia MPX Node is a specialized hardware codec from Telos Alliance, USA. Capable of transmitting or receiving full FM signals at data rates as low as 320 kbps using the Omnia μMPX™ algorithm, it is ideally suited for capacity-limited networks, including IP radios. An insecure...

7.5 CVSS · 7.6 AI score · 0.00664 EPSS
Exploits 1 · References 1
OSV · added 2022/11/29 9:15 p.m. · 5 views

CVE-2022-3995

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...

4.3 CVSS · 5.8 AI score · 0.00556 EPSS
Exploits 0 · References 2
NVD · added 2022/11/29 9:15 p.m. · 14 views

CVE-2022-3995

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...

4.3 CVSS · 0.00556 EPSS
Exploits 0 · References 3
Prion · added 2022/11/29 9:15 p.m. · 16 views

Input validation

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...

4 CVSS · 4.4 AI score · 0.00556 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment · added 2022/11/29 8:43 p.m. · 11 views

CVE-2022-3995 TeraWallet – For WooCommerce <= 1.4.3 - Insecure Direct Object Reference

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. This is due to insufficient validation of the user-controlled key on the lockunlockterawallet AJAX action. This makes it possible for authenticated attackers, with...

4.3 CVSS · 5.9 AI score · 0.00556 EPSS
Exploits 0 · References 3
CVE · added 2022/11/29 8:43 p.m. · 57 views

CVE-2022-3995

The CVE-2022-3995 entry concerns the WordPress TeraWallet plugin with insecure direct object reference (IDOR) in versions up to 1.4.3. Root cause: insufficient validation of the user-controlled key in the lock_unlock_terawallet AJAX action, enabling authenticated users with subscriber-level permi...

4.3 CVSS · 4.3 AI score · 0.00556 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV · added 2022/11/29 5:15 a.m. · 3 views

CVE-2022-43326

An Insecure Direct Object Reference IDOR vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4. allows attackers to arbitrarily change user and Administrator account passwords...

7.5 CVSS · 5.8 AI score · 0.00664 EPSS
Exploits 1 · References 1
Vulnrichment · added 2022/11/29 12:00 a.m. · 5 views

CVE-2022-43326

An Insecure Direct Object Reference IDOR vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4. allows attackers to arbitrarily change user and Administrator account passwords...

7.6 AI score · 0.00664 EPSS
Exploits 1 · References 1
CVE · added 2022/11/29 12:00 a.m. · 71 views

CVE-2022-43326

CVE-2022-43326 affects Telos Alliance Omnia MPX Node versions 1.0.0–1.4.[*], where an insecure direct object reference in the password reset feature lets an attacker arbitrarily change passwords for any user, including Administrators. The root cause is IDOR in the password reset flow. Impact is h...

7.5 CVSS · 7.5 AI score · 0.00664 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD · added 2022/11/28 10:15 p.m. · 13 views

CVE-2022-24187

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

7.5 CVSS · 0.00745 EPSS
Exploits 1 · References 2
OSV · added 2022/11/28 10:15 p.m. · 2 views

CVE-2022-24187

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

7.5 CVSS · 5.8 AI score · 0.00745 EPSS
Exploits 1 · References 2
Prion · added 2022/11/28 10:15 p.m. · 16 views

Design/Logic Flaw

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

5 CVSS · 7.4 AI score · 0.00745 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE · added 2022/11/28 12:00 a.m. · 64 views

CVE-2022-24187

CVE-2022-24187 affects Ourphoto App 1.4.1, specifically the /device/* endpoints. The root cause is insecure direct object references in which end-user identifiers (user_id and device_id) can be enumerated by incrementing/decrementing IDs, allowing attackers to discover other users’ email addresse...

7.5 CVSS · 7.4 AI score · 0.00745 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist · added 2022/11/28 12:00 a.m. · 22 views

CVE-2022-24187

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

7.7 AI score · 0.00745 EPSS
Exploits 1 · References 2
Positive Technologies · added 2022/11/28 12:00 a.m. · 7 views

PT-2022-16527 · Unknown · Ourphoto App

Name of the Vulnerable Software and Affected Versions: Ourphoto App version 1.4.1 Description: The issue affects the /device/ end-points, where the user id and device id values suffer from insecure direct object reference vulnerabilities. An attacker can enumerate other end-users' user id and...

7.5 CVSS · 7.3 AI score · 0.00745 EPSS
Exploits 1 · References 4
Vulnrichment · added 2022/11/28 12:00 a.m. · 7 views

CVE-2022-24187

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

7.5 AI score · 0.00745 EPSS
Exploits 1 · References 2
OSV · added 2022/11/18 11:15 p.m. · 3 views

CVE-2022-43492

Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...

8.8 CVSS · 5.8 AI score · 0.00593 EPSS
Exploits 0 · References 2
OSV · added 2022/11/15 12:00 p.m. · 30 views

GHSA-G6X4-57HP-J4XM Authorization Bypass in Liferay Portal

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

4.3 CVSS · 4.3 AI score · 0.0073 EPSS
Exploits 0 · References 4