3452 matches found
PT-2021-15855 · WordPress · Listeo
Name of the Vulnerable Software and Affected Versions: Listeo WordPress theme versions prior to 1.6.11 Description: The issue allows any authenticated user to delete arbitrary pages/posts and bookings via an IDOR vector because it does not ensure that the post/page and booking to be deleted belo...
Security fix for the ALT Linux 9 package glpi version 9.5.4-alt1
9.5.4-alt1 built April 14, 2021 Pavel Zilke in task 269862 March 31, 2021 Pavel Zilke - New version 9.5.4 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-21326 : Horizontal Privilege Escalation + CVE-2021-21255 : entities switch IDOR + CVE-2021-21258 : XSS...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insecure Direct Object Reference
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Improper Access Control IDOR Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...
CVE-2021-21324
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...
CVE-2021-21324
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...
UBUNTU-CVE-2021-21324
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...
CVE-2021-21324 Insecure Direct Object Reference (IDOR) on "Solutions"
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference IDOR on "Solutions". This vulnerability gives an unauthorized user the abili...
PT-2021-14421 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.4 Description: The issue concerns an Insecure Direct Object Reference IDOR on "Solutions" in GLPI. This allows an unauthorized user to enumerate GLPI items names, including users' logins, using the knowbase search...
UBUNTU-CVE-2021-21255
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4...
GLPI Security Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
PT-2021-14365 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.3 Description: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI, it was possible to switch entities with IDOR from a...
Nextcloud Deck Access Control Error Vulnerability (CNVD-2021-12652)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference (IDOR). An attacker could exploit the...
CVE-2020-8297
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user...
Design/Logic Flaw
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user...
CVE-2020-8297
CVE-2020-8297 affects Nextcloud Deck prior to 1.0.2, with an insecure direct object reference (IDOR) that lets a user with a duplicate username access deck data belonging to a previously deleted user. The issue stems from access control handling in the Deck app and is confirmed by multiple source...
Nextcloud Deck Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck before 1.0.2 that stems from an insecure direct object reference (IDOR). An attacker could exploit the...
CVE-2020-35577
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference IDOR allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier aka CommonDownload identification number...
CVE-2020-35577
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference IDOR allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier aka CommonDownload identification number...
CVE-2020-35577
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference IDOR allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier aka CommonDownload identification number...
CVE-2020-35577
Endalia Selection Portal (before 4.205.0) is affected by an Insecure Direct Object Reference (IDOR) vulnerability. Authenticated users can download any uploaded file by altering the file identifier (CommonDownload ID). This is the root cause described across multiple sources linked to CVE-2020-35...