SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authorization Bypass (IDOR)

Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

CVE-2022-24188

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...

CVE-2022-24188

The CVE-2022-24188 entry concerns Ourphoto App 1.4.1, where the /device/signin endpoint returns clear-text credentials (deviceVideoCallPassword and mqttPassword). The issue is compounded by lack of session management and insecure direct object references, enabling disclosure of passwords for othe...

CVE-2022-43492

Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...

Spoofing

Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...

CVE-2022-43492

CVE-2022-43492 affects WordPress with the wpDiscuz plugin at version 7.4.2. It is an Insecure Direct Object References (IDOR) in the Comments feature. The NVD entry lists CVSS v3.1 base metrics: 8.8 (High) with NEURAL: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; PatchStack cites a lower impact vector. R...

CVE-2022-40206

Insecure direct object references IDOR vulnerability in the wpForo Forum plugin = 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public...

CVE-2022-40206

Summary (CVE-2022-40206) Insecure Direct Object References (IDOR) in the WordPress wpForo Forum plugin &lt;= 2.0.5. Affected component: wpForo Forum plugin for WordPress. Root cause: IDOR allows users with subscriber or higher roles to change a forum post’s visibility to private/public. Impact: e...

CVE-2022-40205 WordPress wpForo Forum plugin <= 2.0.5 - Insecure direct object references (IDOR) vulnerability

Insecure direct object references IDOR vulnerability in the wpForo Forum plugin = 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved...

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2022-25282 · WordPress · Wpforo Forum

Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin versions = 2.0.5 Description: The issue is related to an insecure direct object references IDOR vulnerability. This vulnerability allows attackers with subscriber or higher user roles to mark any forum post as solved or...

CVE-2021-36906 WordPress Quiz And Survey Master plugin <= 7.3.6 - Multiple Insecure direct object references (IDOR) vulnerabilities

Multiple Insecure Direct Object References IDOR vulnerabilities in ExpressTech Quiz And Survey Master plugin = 7.3.6 on WordPress...

WordPress plugin ExpressTech Quiz And Survey Master 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2022-39945

An improper access control vulnerability CWE-284 in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references...

CVE-2022-39945

An improper access control vulnerability CWE-284 in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references...

Improper access control

An improper access control vulnerability CWE-284 in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an authenticated admin user assigned to a specific domain to access and modify other domains information via insecure direct object references...

PT-2022-25140 · Fortinet · Fortimail

Name of the Vulnerable Software and Affected Versions: FortiMail versions 6.0 through 7.2.0 Description: The issue allows an authenticated admin user assigned to a specific domain to access and modify other domains' information via insecure direct object references IDOR. This is due to an imprope...

CVE-2022-41479

The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...

CVE-2022-41479

CVE-2022-41479 affects DevExpress ASP.NET Web Forms Build v19.2.3. The DevExpress Resource Handler (ASPxHttpHandlerModule) does not verify objects referenced by the /DXR.axd?r= HTTP GET parameter, causing an Insecure Direct Object References (IDOR) that can expose the application source code (ven...

Octopus Server 安全漏洞

Octopus Server is an automated deployment platform. Octopus Server suffers from a security vulnerability that stems from its insecure direct object references IDORs that may leak team information through the API...