Lucene search
K

658 matches found

Vulnrichment
Vulnrichment
added 2021/10/26 4:15 a.m.13 views

CVE-2021-41305

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References IDOR vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version...

6.8AI score0.0117EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/10/26 4:15 a.m.25 views

CVE-2021-41305

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References IDOR vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version...

7.6AI score0.0117EPSS
Exploits0References1
Atlassian
Atlassian
added 2021/10/18 4:31 a.m.42 views

Anonymous users can view names of private projects and filters via Average Time in Status Gadget - CVE-2021-41306

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References IDOR vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version...

7.5CVSS5.6AI score0.0157EPSS
Exploits0Affected Software1
NVD
NVD
added 2021/09/30 11:15 a.m.15 views

CVE-2021-41298

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden...

8.8CVSS0.00842EPSS
Exploits1References1
Prion
Prion
added 2021/09/30 11:15 a.m.21 views

Authorization

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden...

6.5CVSS8.7AI score0.00842EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/09/30 10:41 a.m.17 views

CVE-2021-41298 ECOA BAS controller - Improper Access Control

ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden...

8.8CVSS8.9AI score0.00842EPSS
Exploits1References1
OSV
OSV
added 2021/09/27 4:15 p.m.4 views

CVE-2021-36874

Authenticated Insecure Direct Object References IDOR vulnerability in WordPress uListing plugin versions = 2.0.5...

8.8CVSS7.3AI score0.01064EPSS
Exploits1References2
NVD
NVD
added 2021/09/27 4:15 p.m.24 views

CVE-2021-36874

Authenticated Insecure Direct Object References IDOR vulnerability in WordPress uListing plugin versions = 2.0.5...

8.8CVSS0.01064EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2021/09/27 3:32 p.m.6 views

CVE-2021-36874 WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References IDOR vulnerability in WordPress uListing plugin versions = 2.0.5...

7.1CVSS8AI score0.01064EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/09/27 3:32 p.m.25 views

CVE-2021-36874 WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References IDOR vulnerability in WordPress uListing plugin versions = 2.0.5...

7.1CVSS8.9AI score0.01064EPSS
Exploits1References2
CVE
CVE
added 2021/09/27 3:32 p.m.56 views

CVE-2021-36874

Summary of CVE-2021-36874 : Affected product is WordPress plugin uListing ≤ 2.0.5. The vulnerability is an Authenticated Insecure Direct Object Reference (IDOR) , allowing an authenticated user to access/modify listing data via IDOR endpoints (e.g., publish, feature, delete listings). Root cause ...

8.8CVSS7.8AI score0.01064EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/08/09 10:15 a.m.15 views

Cross site request forgery (csrf)

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially...

5.8CVSS8AI score0.00646EPSS
Exploits2References2Affected Software1
Patchstack
Patchstack
added 2021/07/27 12:0 a.m.22 views

WordPress uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) vulnerability

Authenticated Insecure Direct Object References IDOR vulnerability discovered by m0ze Patchstack Red Team in WordPress uListing plugin versions = 2.0.5. Solution Update the WordPress uListing plugin to the latest available version at least 2.0.6...

8.8CVSS2.8AI score0.01064EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2021/07/02 12:0 a.m.23 views

WordPress Workreap premium theme <= 2.2.1 - Multiple Cross-Site Scripting (CSRF) + Insecure Direct Object References (IDOR) vulnerabilities

Multiple Cross-Site Scripting CSRF + Insecure Direct Object References IDOR vulnerabilities discovered by Harald Eilertsen Jetpack in WordPress Workreap premium theme versions = 2.2.1. Solution Update the WordPress Workreap premium theme to the latest available version at least 2.2.2...

8.1CVSS1.1AI score0.00646EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/07/02 12:0 a.m.192 views

Workreap < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Several AJAX actions available in the theme lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary object...

5.8CVSS0.6AI score0.00646EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2021/07/02 12:0 a.m.18 views

Atlassian Jira 8.6.x < 8.13.2 Insecure Direct Object References

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10 or 8.6.x 8.13.2. It is, therefore, affected by an Insecure Direct Object References IDOR vulnerability allowing remote attackers to view the metadata of boards they...

4.3CVSS5.1AI score0.012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/02 12:0 a.m.24 views

Atlassian Jira < 8.5.10 Insecure Direct Object References

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10 or 8.6.x 8.13.2. It is, therefore, affected by an Insecure Direct Object References IDOR vulnerability allowing remote attackers to view the metadata of boards they...

4.3CVSS5.1AI score0.012EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2021/07/02 12:0 a.m.17 views

Workreap < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities

Several AJAX actions available in the theme lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary object...

5.8CVSS3.5AI score0.00646EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2021/06/14 12:0 a.m.230 views

Accela Civic Platform 21.1 Insecure Direct Object Reference

Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References IDOR Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE: CVE-2021-34369...

6.6AI score0.08236EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/14 12:0 a.m.258 views

Accela Civic Platform 21.1 - &#039;contactSeqNumber&#039; Insecure Direct Object References (IDOR)

Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References IDOR Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE: CVE-2021-34369...

6.5CVSS6.5AI score0.08236EPSS
Exploits4
Rows per page
Query Builder