PT-2023-5432 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.6 Description: The issue is related to an Insecure Direct Object Reference IDOR in the graph xport.php component, allowing unauthorized access to any graph via a modified local graph id parameter. This can enable a...

EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference Vulnerabilities

The EuroTel ETL3100 transmitter is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and...

EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)

Summary RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter...

WordPress EventON Calendar 4.4 Insecure Direct Object Reference

Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-3219 1. Description The plugin does no...

Web Stock 3.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Web Stock v3.0 Unauthorised Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...

Yourdoctor CMS 1.5 Insecure Direct Object Reference

==================================================================================================================================== | Title : Yourdoctor CMS v1.5 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

CMSdosma 5.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : CMSdosma v5.0 Unauthorized Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...

Yourdoctor CMS 1.4 Insecure Direct Object Reference

==================================================================================================================================== | Title : Yourdoctor CMS v1.4 Unauthorised Administrative Access Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse

The Australian Signals Directorate’s Australian Cyber Security Centre ACSC, the Cybersecurity and Infrastructure Security Agency CISA, and the National Security Agency NSA are releasing a joint Cybersecurity Advisory CSA, Preventing Web Application Access Control Abuse, to warn vendors, designers...

WordPress Simple Author Box Plugin < 2.52 is vulnerable to Insecure Direct Object References (IDOR)

Software Simple Author Box Type Plugin Vulnerable versions 2.52 Fixed in 2.52 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3601 Patch priority Low CVSS severity Low 6.5 Developer WebFactory Ltd. PSID c55453b38919 Credits Dmitriy Require...

Insecure Direct Object Reference

gitlab is vulnerable to Insecure Direct Object Reference. The vulnerability allows an endpoint to reveal an issue title to the user if they craft an API call with the same issue ID...

WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR)

Software Photo Engine Type Plugin Vulnerable versions = 6.2.5 Fixed in 6.2.6 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-38513 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fe9d14feafc3 Credits Rafshanzani...

CVE-2023-38257

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...

Design/Logic Flaw

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...

CVE-2023-38257 CVE-2023-38257

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...

CVE-2023-38257 CVE-2023-38257

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...

CVE-2023-38257

CVE-2023-38257 affects Iagona ScrutisWeb up to version 2.1.37. It is an insecure direct object reference that could allow an unauthenticated attacker to view profile information, including user login names and encrypted passwords. The advisory notes remote exploitation is possible with low attack...

PT-2023-6721 · Iagona · Iagona Scrutisweb

Name of the Vulnerable Software and Affected Versions: Iagona ScrutisWeb versions 2.1.37 and prior Description: The issue is related to an insecure direct object reference vulnerability. This could allow an unauthenticated user to view profile information, including user login names and encrypted...

Bluelaat 1.0 Beta Insecure Direct Object Reference

==================================================================================================================================== | Title : Bluelat V0.1 beta Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Bigware-Shop CMS 2.1 Insecure Direct Object Reference

==================================================================================================================================== | Title : Bigware-Shop CMS v2.1 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...