3452 matches found
CVE-2021-36032
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privile...
CVE-2021-40352
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
CVE-2021-40352
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
Design/Logic Flaw
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
CVE-2021-40352
OpenEMR 6.0.0 is affected by CVE-2021-40352 due to an insecure direct object reference in pnotes_print.php?noteid= that allows reading other users’ messages (IDOR). Exploitation PoCs exist (e.g., PoC notes/public exploits show changing noteid to access others’ messages, including admin messages)....
CVE-2021-40352
OpenEMR 6.0.0 has a pnotesprint.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users...
OpenEMR 6.0.0 Insecure Direct Object Reference
Exploit Title: Openemr 6.0.0 - Insecure direct object references Date: 31/8/2021 Exploit Author: Allen Enosh Upputori Vendor Homepage: https://community.open-emr.org Version: 6.0.0 Tested on: Linux CVE: 2021-40352 PoC: An attacker who has Physician Access can read messages with were sent to other...
Insecure direct object reference of log files of the Import/Export feature
Impact Insecure direct object reference of log files of the Import/Export feature Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6...
GHSA-54GP-QFF8-946C Insecure direct object reference of log files of the Import/Export feature
Impact Insecure direct object reference of log files of the Import/Export feature Patches We recommend updating to the current version 6.4.3.1. You can get the update to 6.4.3.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6...
Tecknodreams SapphireIMS Insecure Direct Object Reference Vulnerability
Tecknodreams SapphireIMS is an ITIL 2011 certified enterprise class service management system from Tecknodreams India. A security vulnerability exists in Tecknodreams SapphireIMS 40971. The vulnerability stems from an insecure direct object reference in the local user creation function. An attack...
CVE-2021-37709
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
Design/Logic Flaw
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
CVE-2021-37709 Insecure direct object reference of log files of the Import/Export feature
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding securit...
Shopware 日志信息泄露漏洞
Shopware is an open source e-commerce software.The import/export functionality in versions of Shopware prior to 6.4.3.1 is vulnerable to insecure direct object referencing of log files. No detailed vulnerability details are currently available...
CVE-2017-16630
In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...
CVE-2017-16630
In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...
Default credentials
In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference IDOR in the "Account Password Reset" functionality...
CVE-2017-16631
In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference IDOR in the "Account Password Reset" functionality...
CVE-2017-16631
In SapphireIMS 4097_1, an Insecure Direct Object Reference (IDOR) in the Account Password Reset feature allows a guest user to change an administrative user’s password. Root cause: IDOR exposure enabling unauthorized password reset. Impact: unauthorized admin credential modification. Exploitation...
CVE-2017-16630
In SapphireIMS 40971, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference IDOR in the local user creation function...