3454 matches found
grafana: IDOR vulnerability can lead to information disclosure
An Insecure Direct Object Reference IDOR vulnerability was found on Grafana Teams APIs. This flaw impacts the /teams/:teamId, /teams/:search, /teams/:teamId/members API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for tea...
CVE-2022-42129
An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...
CVE-2022-42129
An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...
CVE-2022-42129
An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...
CVE-2022-42129
CVE-2022-42129 describes an insecure direct object reference (IDOR) in the Dynamic Data Mapping module of Liferay Portal 7.3.2–7.4.3.4 and Liferay DXP 7.3 before update 4, 7.4 GA . The vulnerability allows remote authenticated users to view/access form entries via the formInstanceRecordId paramet...
CVE-2022-42129
An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities
Multiple Insecure direct object references IDOR vulnerabilities were discovered by Vlad Vector Patchstack in WordPress Quiz And Survey Master plugin versions = 7.3.6. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 7.3.7...
CVE-2022-36966
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference IDOR vulnerability in SolarWinds Platform 2022.3 and previous...
CVE-2022-36966 Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6
Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference IDOR vulnerability in SolarWinds Platform 2022.3 and previous...
SUSE-SU-2022:3676-1 Security update for grafana
This update for grafana fixes the following issues: Updated to version 8.5.13 jscPED-2145, jscSLE-23439, jscSLE-23422, jscSLE-24565: - CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation bsc1203596. - CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is us...
Adobe Commerce 输入验证错误漏洞
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an input validation error vulnerability that stems from incorrect input validation. An authenticated attacker can trigger an insecure...
CVE-2022-41479
The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...
CVE-2022-3331
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...
CVE-2022-3331
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...
PT-2022-21762 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.5 through 15.1.5 GitLab EE versions 15.2 through 15.2.3 GitLab EE versions 15.3 through 15.3.1 Description: An issue has been discovered in GitLab EE's Zentao integration, which has an insecure direct object reference th...
CVE-2022-3331
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...
CVE-2022-3331
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that may be exploited ...
CVE-2022-42067
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...
Design/Logic Flaw
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference IDOR vulnerability...